conventional-commits
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes untrusted data from staged git changes to generate commit messages.
  - Ingestion points: The workflow requires reading staged code changes to determine the nature of the modification, as described in SKILL.md.
  - Boundary markers: The instructions and templates include no explicit delimiters and no directive to ignore instructions embedded within the code changes.
  - Capability inventory: The skill is limited to text generation for commit messages. There are no indications of subprocess execution, file system modifications, or network operations within the provided files.
  - Sanitization: The skill does not sanitize or validate the input code changes before incorporating them into the reasoning process for message generation.