semantic-git
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it identifies and executes CI scripts from untrusted local files.\n
- Ingestion points: Reads script names and execution patterns from
package.json,justfile,makefile, andpyproject.toml(as specified inreferences/ci-verification.md).\n - Boundary markers: Absent; the skill does not implement delimiters or 'ignore' instructions for data read from the repository context.\n
- Capability inventory: Possesses shell command execution capabilities via
git,npm,pnpm,make,cargo, andpytest.\n - Sanitization: Absent; the skill trusts and executes scripts found in the repository configuration without validation.\n- [Command Execution] (LOW): The skill's primary function is the execution of shell commands.\n
- Evidence: The skill constructs and executes
gitcommands and various CI tools. Although it includes a 'User-In-The-Loop' protocol for commit operations, CI checks are executed automatically upon detection of relevant configuration files.\n- [Dynamic Execution] (LOW): Constructs shell commands dynamically at runtime using local file data and AI-generated messages.\n - Evidence: Assembles complex
git commitstrings incorporating environment variables likeGIT_AUTHOR_DATEandGIT_COMMITTER_DATEbased on repository history and user preferences.
Audit Metadata