commit-message
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill is comprised solely of Markdown documentation and instructions. No scripts, binaries, or configuration files capable of execution are included.
- [Prompt Injection] (SAFE): No attempts to bypass agent constraints or override system behavior were detected. The instructions are limited to language and formatting conventions.
- [Data Exposure & Exfiltration] (SAFE): No credentials or sensitive file paths are present. External links point to established documentation sites like conventionalcommits.org and semver.org.
- [Indirect Prompt Injection] (LOW): The skill is designed to format user-provided descriptions into commit messages. While this constitutes a data ingestion surface, the skill possesses no exploitable capabilities such as file writing, shell execution, or network requests. Evidence:
- Ingestion points: User-provided source code changes or descriptions (implied by use-case).
- Boundary markers: None defined.
- Capability inventory: No executable capabilities detected in any file.
- Sanitization: Not applicable for text formatting output.
Audit Metadata