commit-style-enforcer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill requires the execution of a local script
./analyze-commit-style.sh. Running arbitrary scripts provided within a skill folder is a high-risk operation, as the script's logic is not visible in the instruction file and it interacts directly with the host system's shell. - [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability (Category 8). The skill processes untrusted external data (git commit history) to generate a 'style guide' which then dictates the agent's future actions.
- Ingestion points: The
analyze-commit-style.shscript reads the last 15 commits from the current repository. - Boundary markers: No delimiters or safety instructions are used to prevent the agent from obeying instructions embedded within malicious commit messages.
- Capability inventory: The agent has the ability to execute shell scripts, write to the filesystem, and perform git commits.
- Sanitization: There is no evidence of sanitization or filtering of the commit messages before they are used to generate the
commit-style.mdfile.
Recommendations
- AI detected serious security threats
Audit Metadata