commit-commands
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution using standard development tools including
gitand the GitHub CLI (gh) in filesreferences/commands/commit.md,references/commands/commit-push-pr.md, andreferences/commands/clean_gone.md. These commands are used for staging changes, committing code, managing branches, and interacting with remote repositories. - [PROMPT_INJECTION]: The skill's architecture is vulnerable to indirect prompt injection (Category 8) due to its processing of untrusted repository data.
- Ingestion points: The components
references/commands/commit.mdandreferences/commands/commit-push-pr.mdingest the output ofgit status,git diff HEAD, andgit logdirectly into the prompt context to facilitate the generation of commit messages. - Boundary markers: The prompt uses standard Markdown headers to distinguish system instructions from repository output, which lacks robust isolation to prevent the agent from potentially executing instructions found within code diffs.
- Capability inventory: The agent has permissions to perform git commits, push code, and create pull requests, which could be misused if an injection successfully influences the agent's logic.
- Sanitization: The skill does not implement any validation or sanitization of the git output before presenting it to the language model.
Audit Metadata