skills/ruchernchong/claude-kit/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis

================================================================================

🔵 VERDICT: LOW

This skill is primarily instructional, guiding the agent on how to perform Git commits and integrate pre-commit security checks using GitLeaks. The primary security concern is the mention of external tools (npx husky init, gitleaks) which, while reputable, represent unverifiable dependencies that the agent might be instructed to install or configure. This is downgraded to LOW severity due to the trusted nature of these tools. Additionally, as the skill involves processing user-generated content (e.g., commit messages, GitHub issue references), there's an inherent, indirect risk of prompt injection if the agent were to blindly incorporate untrusted text into its actions without proper sanitization.

Total Findings: 2

🟡 MEDIUM Findings: • None

🔵 LOW Findings: • Unverifiable Dependencies

  • Line 12: The skill instructs the user to run npx husky init and mentions gitleaks protect. These are external tools that, while reputable, represent external dependencies that the agent might be instructed to install or configure. This is a LOW severity finding due to the trusted nature of husky and gitleaks.

ā„¹ļø TRUSTED SOURCE References: • None directly from trusted GitHub repos, but husky and gitleaks are widely used and generally considered reputable open-source projects.

================================================================================

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 06:11 AM