commit-splitter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The skill uses standard Git commands and a local Python script for text processing. All file operations are confined to the repository and temporary directory.
- [Indirect Prompt Injection] (SAFE): While the skill processes untrusted repository data (git diffs), it does so using a dedicated parsing script that validates hunk indices and avoids direct shell execution of the data.
  1. Ingestion points: extract-hunks.py reads patch files generated from the repository.
  2. Boundary markers: The script relies on the structured nature of git patches (@@ headers).
  3. Capability inventory: Uses git apply --cached and git commit on selected hunks.
  4. Sanitization: The Python script validates hunk selections and only outputs formatted patch segments, mitigating risks associated with malicious diff content.
Audit Metadata