skills/xiaomi/mone/work-summary/Gen Agent Trust Hub

work-summary

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill contains a shell command injection vulnerability. User-controlled inputs for repository paths and author information are interpolated directly into Bash strings in Step 2 and Step 3. An attacker could use shell metacharacters to execute unauthorized commands on the underlying system.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8).
    • Ingestion points: Git commit messages and repository files are read and processed in SKILL.md Step 4.
    • Boundary markers: None are present to delimit untrusted data from instructions.
    • Capability inventory: The skill has access to Bash, Write, Read, and Glob tools, providing a high-impact attack surface if hijacked.
    • Sanitization: No sanitization or filtering of commit messages is performed before they are presented to the agent for summarization. This allows malicious commit messages to influence or override agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:50 AM