dev-git-commit-message

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff --staged to retrieve code changes for analysis. It also suggests running tsc --noEmit as part of its workflow to ensure type safety before commits are finalized.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it processes untrusted code changes from staged git diffs which could contain malicious instructions designed to manipulate the agent's output.
      • Ingestion points: The skill reads data from staged files via git diff --staged (SKILL.md).
      • Boundary markers: No explicit delimiters or boundary markers are used to isolate the diff content from instructions (SKILL.md).
      • Capability inventory: The skill uses git diff, git status, and tsc --noEmit across its scripts (SKILL.md, config.yaml).
      • Sanitization: No sanitization or filtering of the diff content is performed prior to processing (SKILL.md).
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing well-known developer tools and security scanners, such as semantic-release, commitlint, and gitleaks, from official and trusted package registries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 04:23 AM