skills/yulonglin/dotfiles/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local git commands to manage the repository state.
      • Evidence: Usage of git status --short, git diff --stat, git log --oneline -3, git add, and git commit -m "..." in SKILL.md.
      • Context: These are standard operations for the skill's primary purpose of committing work.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes data that could be controlled by an external actor (e.g., code in files or previous commit messages).
      • Ingestion points: File contents and git logs accessed via git diff and git log as specified in SKILL.md instructions.
      • Boundary markers: Absent; there are no delimiters or instructions to treat the ingested data as untrusted text.
      • Capability inventory: Subprocess execution of git commands which can modify the repository state.
      • Sanitization: Absent; the skill does not filter or sanitize the output of git commands before using it to inform subsequent actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 01:12 AM