commit
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill includes a dedicated 'Smart Stage' step that explicitly blacklists sensitive file patterns, including `.env`, `*.pem`, `*.key`, and `credentials*`, reducing the risk of accidental data exposure.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard Git commands for repository management, such as `git status`, `git diff`, `git rebase`, and `git push`. All operations are performed on the local repository or the user's defined `origin` remote.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading the output of `git diff` to generate commit messages and branch slugs.
  - Ingestion points: Reads local file changes via `git diff` and `git diff --cached` in Step 2 and Step 5 (SKILL.md).
  - Boundary markers: No explicit delimiters are used to wrap the diff content when processed by the agent.
  - Capability inventory: The skill has the ability to create branches, commit code, and push to a remote repository via the Bash tool (SKILL.md).
  - Sanitization: The skill utilizes a shell HEREDOC pattern when executing `git commit` to prevent content within the generated message from being interpreted as shell commands.
Audit Metadata