smart-commit
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a restricted set of bash commands, specifically git and stat, to manage repository state. These tools are scoped through the allowed-tools configuration, and the skill also safely uses dynamic context injection to pre-populate repository metadata upon loading.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it is instructed to process and prioritize directives from local repository files like CLAUDE.md and analyzed git diff content. This could allow malicious files within a project to influence the agent's behavior during the commit process. However, the risk is mitigated by the restricted toolset and the implementation of HEREDOCs for command execution to prevent secondary injection.
- Ingestion points: CLAUDE.md (via Read tool), git diff, and git log outputs.
- Boundary markers: Absent; project-specific directives are treated as authoritative overrides.
- Capability inventory: Local repository management via git; no network access or broad shell execution granted.
- Sanitization: Uses HEREDOC syntax for git commit messages to ensure that AI-generated text is not interpreted as shell commands.
Audit Metadata