clean-commits
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill mandates executing project-defined scripts to ensure a 'working state'. This creates a vulnerability where malicious commands embedded in configuration files like package.json are executed by the agent. Ingestion points: Local repository files and build configurations. Boundary markers: Absent. Capability inventory: Access to Bash and mcp__git__ tools for script execution and file modification. Sanitization: Absent.
- [Command Execution] (MEDIUM): The skill utilizes Bash for selective staging and commit management, which provides an attack surface for command injection when the agent processes untrusted repository content or diffs.
Recommendations
- AI detected serious security threats
Audit Metadata