git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands (status, log, diff, add, commit). Execution is restricted to the git binary and its subcommands, aligning with the skill's primary purpose.
- [DATA_EXFILTRATION]: The skill reads local file contents and git history to generate context for commit messages. It includes a specific security rule to never stage secret files like .env, credentials, keys, or tokens. There are no network operations or external data transmissions.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from file diffs and contents. It mitigates potential injection risks during command construction by using quoted HEREDOC syntax (
cat <<'EOF'), which prevents the shell from expanding or evaluating potentially malicious characters within the generated commit message text.
Audit Metadata