Git Commit

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)

Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill possesses an attack surface where untrusted data from Jira tickets and code diffs is integrated into the prompt and subsequent shell commands.
      1. Ingestion points: Jira issue details (via mcp__zapier__jira_software_cloud_find_issue_by_key) and git diff --staged output.
      2. Boundary markers: None present; data is directly interpolated into the context.
      3. Capability inventory: git commit and git push.
      4. Sanitization: None present.
  • Command Execution (LOW): The skill performs shell-based operations using the git CLI.
      1. Mitigation: The skill constructs the git commit command using the quoted heredoc ('EOF') pattern, which prevents shell expansion of the message content and neutralizes shell injection.
      2. Mitigation: Sensitive commands such as commit and push are intentionally omitted from the allowed-tools manifest, ensuring the agent cannot execute them without explicit out-of-band user permission.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 05:54 AM