git-commit
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection from the codebase being analyzed.
  - Ingestion points: The skill uses git diff and git diff --staged to read external file content into the agent context.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the diffs are provided.
  - Capability inventory: The skill has the authority to run git add and git commit, which modify the filesystem and repository history.
  - Sanitization: No sanitization of the diff content is performed before the agent uses it to generate text for the commit message.
- [COMMAND_EXECUTION] (LOW): The skill relies on the Bash tool to execute git commands.
  - Evidence: The workflow uses shell execution for all operations. While restricted to git commands, a malicious diff could attempt to trick the agent into generating a commit message that includes shell metacharacters to escape the git commit -m command.