commit
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates standard Git commit operations and adheres to project quality mandates through local verification commands like 'npm run lint' or 'cargo check'.- [PROMPT_INJECTION]: The skill reads formatting rules from a local '.skills/conventions.json' file. While this represents an ingestion point for repository-provided configuration data (indirect prompt injection surface), it is a standard mechanism for adhering to project-specific standards and does not involve executing the input.- [COMMAND_EXECUTION]: The skill uses shell operations to write temporary files via heredocs and execute Git commands. These operations are restricted to the local environment and are used to implement the intended multi-line commit message functionality.
Audit Metadata