git-commit-generator

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local shell commands including git status, git diff, git log, and git commit to inspect the repository state and perform automated commits.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it processes untrusted data from source code diffs and git logs to generate descriptive text.
      • Ingestion points: The skill reads external data via git diff --cached and git log --oneline -5 as specified in SKILL.md.
      • Boundary markers: There are no explicit delimiters or instructions to ignore potential commands embedded within the diff content during processing.
      • Capability inventory: The skill possesses the capability to execute shell commands (git commit).
      • Sanitization: The skill mitigates the risk of command injection by using a quoted heredoc structure (cat <<'EOF') when executing the final commit command, which ensures that any special characters or symbols in the generated message are treated as literal text and not interpreted by the shell.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 11:11 AM