commit
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates repository management tasks using git commands such as `status`, `stash`, `pull`, and `commit`. It also utilizes `npx husky init` to set up development environment hooks.
- [EXTERNAL_DOWNLOADS]: The skill fetches the `husky` package from the official npm registry to initialize git hooks within the project.
- [PROMPT_INJECTION]: The skill analyzes codebase changes and git diffs to automatically generate commit messages. This capability exposes an indirect prompt injection surface where malicious instructions embedded in the project files could attempt to influence the agent's behavior or output.
  - Ingestion points: Repository files, git diffs, `git status` output, and `package.json`.
  - Boundary markers: No explicit delimiters or instruction-ignore markers are defined for the ingested repository content.
  - Capability inventory: Shell access for git operations and node package management.
  - Sanitization: The skill does not implement specific sanitization or filtering for data read from the repository files.
Audit Metadata