commit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Vulnerable to indirect prompt injection through processed code changes.
- Ingestion points: The skill reads untrusted data from the local environment via
git diff --stagedin Step 2 of the workflow. - Boundary markers: Absent. There are no instructions or delimiters used to separate the diff content from the agent's instructions, nor are there warnings to ignore embedded instructions within the code.
- Capability inventory: The skill executes shell commands (
git add,git status,git diff) and makes decisions about commit metadata based on external content. - Sanitization: None. The diff output is processed directly by the agent to identify the change type and write descriptions.
- [COMMAND_EXECUTION] (LOW): The skill requires the execution of local system commands.
- It explicitly directs the agent to run
git add -A,git status, andgit diff --staged. While standard for a git-related skill, these are subprocess calls that interact with the host file system.
Audit Metadata