commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection because it processes external content (staged code) and possesses write/execute capabilities. 1. Ingestion points: Output from 'git diff --staged' is used to draft the message. 2. Boundary markers: None; the skill lacks delimiters or instructions to ignore instructions embedded in the diff output. 3. Capability inventory: Uses 'git commit' to modify the repository state. 4. Sanitization: None; external content is processed directly to compose instructions for the agent.
- COMMAND_EXECUTION (LOW): The skill invokes 'git' commands directly on the host system. While these commands are specific to the skill's purpose, they facilitate interaction with the local environment.
Recommendations
- AI detected serious security threats
Audit Metadata