commit-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE] (INFO): The provided skill consists only of a README.md file. No SKILL.md or executable scripts (Python, JavaScript, etc.) are included for analysis, making it impossible to verify the implementation safety.- [COMMAND_EXECUTION] (HIGH): The skill's workflow includes running linters, type checks, and git commits (Workflow steps 6 and 7). This requires the agent to execute shell commands, which poses a significant risk if the commands or their arguments are derived from the content of the files being analyzed.- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from local files to generate commit messages and group changes. Malicious instructions embedded in the code being scanned could hijack the agent's logic during analysis or command execution. Evidence Chain: 1. Ingestion: Scanning all modified files (Step 1). 2. Boundary markers: None described in the documentation to separate code from instructions. 3. Capability inventory: Execution of linters, type checks, and git commands. 4. Sanitization: No mention of sanitizing or escaping content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata