git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard git commands, including 'git diff', 'git status', 'git add', and 'git commit'. These commands are necessary for the skill's primary function of managing version control changes.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it analyzes 'git diff' output, which contains untrusted content from a repository. While a malicious diff could attempt to influence the generated commit message, the skill's logic is constrained to metadata generation and does not execute the content of the diff.- [DATA_EXPOSURE]: The documentation includes an explicit safety warning to 'Never commit secrets' and lists sensitive file patterns like '.env' and 'credentials.json', demonstrating a security-conscious design.
Audit Metadata