git-commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection due to its handling of untrusted diff and log data while possessing write capabilities. * Ingestion points: Uses git diff and git log to read repository data (SKILL.md). * Boundary markers: Absent; no delimiters are used to separate user data from instructions. * Capability inventory: Authorized to execute the git commit command (SKILL.md). * Sanitization: Absent; no data validation or escaping is performed on the ingested content.
- [COMMAND_EXECUTION] (LOW): The skill executes local git commands. Although restricted to a specific set, it represents a direct shell interaction surface.
Recommendations
- AI detected serious security threats
Audit Metadata