commit-message
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the local repository via git commands, creating an indirect prompt injection surface.
- Ingestion points: Data enters the agent context through the outputs of `git diff` and `git status` (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters or boundary markers to distinguish between legitimate code content and potentially malicious instructions embedded within the files.
- Capability inventory: The skill is limited to `git status` and `git diff` tools; it does not have permissions for network access, file writing, or administrative command execution.
- Sanitization: No sanitization or filtering is performed on the output of the git commands before processing.
Audit Metadata