sred-commit

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform standard repository operations including Git diffing, logging, status checks, and committing. These actions are limited to local repository management and do not involve unauthorized command execution.
  • [COMMAND_EXECUTION]: It invokes a local TypeScript validation script (sred-commit-guard.ts) using the bun runtime. The script path is located within the standard Claude plugin marketplace directory structure.
  • [PROMPT_INJECTION]: The skill reads repository history and changes to generate commit trailers, which constitutes a surface for indirect prompt injection.
      • Ingestion points: Output from git diff, git log, and git status.
      • Boundary markers: None present.
      • Capability inventory: Bash tool usage for Git and bun, file writing to /tmp, and user interaction.
      • Sanitization: Implements a validation step using an external script to verify generated commit messages before they are finalized.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 05:28 PM