git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from git diffs which may contain hidden instructions that influence the agent's behavior.
- Ingestion points: The workflow in
SKILL.mdtriggersgit diff --stagedto read code changes. - Boundary markers: There are no boundary markers or instructions to the agent to ignore content within the diff that looks like commands or instructions.
- Capability inventory: The skill is allowed to use
run_terminal_cmd, which provides a significant attack surface if the agent is tricked via the diff content. - Sanitization: No sanitization or validation of the diff output is performed before processing.
- [Command Execution] (SAFE): The skill uses
run_terminal_cmdfor its intended purpose of managing git operations. While this is a powerful capability, it is directly related to the skill's primary function.
Audit Metadata