sdapp-commit

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it analyzes untrusted data from the repository to perform its core functions.
  • Ingestion points: The agent reads the output of git diff --cached and git log --oneline -5 to understand the code changes and match the project's style (SKILL.md).
  • Boundary markers: Absent. There are no explicit instructions or delimiters used to separate the content of the code changes from the system instructions, which could allow malicious code comments to influence the agent.
  • Capability inventory: The skill can execute git add and git commit commands, and it can programmatically invoke the sdapp-jira-log skill (SKILL.md).
  • Sanitization: Absent. The skill does not validate or sanitize the content extracted from the git repository before using it to draft commit messages.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 06:41 AM