commit-ja
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes local shell scripts (`get-git-status.sh` and `git-commit.sh`) to invoke standard Git binary commands. These operations are essential for the skill's purpose of managing repository commits and do not perform any unauthorized system or network activities.
- [PROMPT_INJECTION] (LOW): The skill is potentially vulnerable to indirect prompt injection because it reads and processes external data via `git diff`. Malicious instructions embedded in the code changes could attempt to manipulate the AI-generated commit summary. Mandatory Evidence Chain: (1) Ingestion points: Output from `scripts/get-git-status.sh` (`git diff`). (2) Boundary markers: Absent in `SKILL.md`. (3) Capability inventory: Git commit execution via `scripts/git-commit.sh`. (4) Sanitization: Human-in-the-loop review (Step 5) requires user confirmation before the commit is finalized.
Audit Metadata