Leavn Commit Machine

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by reading untrusted data and having command execution capabilities.
      • Ingestion points: The agent reads data from git diff and git status as instructed in SKILL.md.
      • Boundary markers: No delimiters or explicit instructions are provided to help the agent distinguish between code changes and malicious instructions within those changes.
      • Capability inventory: The skill is granted Bash tool access, which can be leveraged for arbitrary command execution if the agent is manipulated by the file content it reads.
      • Sanitization: There is no evidence of filtering or escaping logic to prevent external content from being interpreted as instructions.
  • Command Execution (LOW): The skill utilizes the Bash tool for standard git operations. While appropriate for the task, these commands are the primary vector for exploitation if an injection occurs.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:50 AM