commit
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several git commands via the Bash tool, including
git add,git commit, andgit push, to automate version control tasks. These operations are the primary purpose of the skill. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) due to how it handles local repository data.
- Ingestion points: Untrusted data is ingested into the agent context from the output of
git statusandgit diff HEADinSKILL.md. - Boundary markers: The skill does not use delimiters or provide instructions to the agent to ignore potentially malicious commands embedded within the diff or file names.
- Capability inventory: The skill has the capability to run arbitrary shell commands through the Bash tool, enabling file system modifications and network transmissions via
git push. - Sanitization: No sanitization or escaping is applied to the content retrieved from the repository before it is processed by the agent.
Audit Metadata