commit
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities or malicious patterns were identified during the analysis.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform standard Git operations (add, commit, status, diff, branch) and execute local development tools (Poetry, Ruff, MyPy, NPM). These actions are strictly aligned with the skill's primary function of version control management.
- [PROMPT_INJECTION]: The skill contains defensive instructions that require the agent to verify the active branch before committing, specifically preventing commits to 'main', 'dev', or 'master'. These instructions serve as workflow safeguards rather than bypass attempts.
- [SAFE]: The skill's input handling of user-provided commit messages was evaluated for potential injection risks.
- Ingestion points: User-provided
[message]argument inSKILL.md. - Boundary markers: Conventional commit formatting (e.g.,
<type>(<scope>): <description>) provides structural boundaries for the input. - Capability inventory: The skill utilizes git operations and standard linting tools via Bash.
- Sanitization: The
scripts/validate-conventional.shutility performs regex-based validation of the message format before allowing the commit to proceed.
Audit Metadata