git-commit-helper
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a "CROWN RULE" that explicitly instructs the AI to hide its identity. It forbids the inclusion of AI attribution footers (e.g., "Generated with Claude") and mandates that commits must appear "human-authored only." This is a directive to bypass standard AI disclosure and transparency guidelines.
- [COMMAND_EXECUTION]: The skill provides multiple shell scripts designed to execute Git commands (`git commit`, `git diff`, `git log`) and system utilities. These scripts are used for workflow automation and rely on shell execution environments.
- [PERSISTENCE_MECHANISMS]: The skill directs users to install scripts into the `.git/hooks/` directory and grant them execution permissions via `chmod +x`. This establishes a mechanism where the scripts are automatically and persistently executed during specific points in the repository's lifecycle (e.g., pre-commit and commit-msg).
- [INDIRECT_PROMPT_INJECTION]: The scripts ingest data from external sources within the repository, creating a potential attack surface for indirect injection.
  - Ingestion points: The `smart-commit.sh`, `pre-commit`, and `generate-changelog.sh` scripts read data from `git diff --cached` and `git log`.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the processed git data.
  - Capability inventory: Ability to execute git commands and shell scripts.
  - Sanitization: Uses basic string processing with `grep` and `sed`, but lacks comprehensive sanitization for untrusted content in files or commit messages.
Audit Metadata