git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard git commands such as
git diff,git status,git add, andgit commit. These are necessary for the skill's primary purpose. - [DATA_EXFILTRATION]: The skill explicitly includes a security guideline: 'Never commit secrets (.env, credentials.json, private keys).' This proactively addresses the risk of accidental data exposure during the commit process.
- [PROMPT_INJECTION]: No malicious prompt injection patterns or attempts to bypass agent safety filters were detected in the instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill reads external data via
git diff, which represents a potential injection surface if an attacker controls the file content being committed. However, the 'Git Safety Protocol' mitigates this risk by explicitly forbidding destructive commands like--force, hard resets, or modifications to the git configuration.
Audit Metadata