brevix-commit
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `git diff --cached` command to retrieve the contents of staged changes. This is a legitimate and necessary operation for the skill's primary function of generating commit messages based on local code modifications.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from git diffs. Ingestion points: staged changes accessed via `git diff --cached`, as mentioned in the workflow section of SKILL.md. Boundary markers: none present; the instructions do not specify delimiters to separate the diff data from the agent's instructions. Capability inventory: the skill is limited to reading local repository state and lacks network access, file write permissions, or administrative privileges. Sanitization: no sanitization or escaping is applied to the retrieved diff content before processing.
Audit Metadata