smart-git-commit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
  • [Command Execution] (HIGH): The scripts/commit.ts file is vulnerable to shell command injection. The script constructs a git commit command using a shell heredoc (cat <<'EOF') to include the commit message. Because the script does not sanitize the input for the EOF delimiter, a message containing EOF followed by a newline and other shell commands will result in those commands being executed by the shell. This occurs in the main function where the cmd string is built and then passed to Bun.spawn (lines 209-215).
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill automatically executes pnpm scripts (lint, build, generate:docs) defined in the repository's package.json file. If an attacker tricks a user into running this skill on a malicious repository, these scripts will execute arbitrary code on the user's machine. While these are documented 'pre-commit checks', the lack of a mandatory confirmation before execution (unless the check fails) poses a risk. This is located in runPreCommitChecks at line 75.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from git diff output to analyze changes and suggest commit types. There is no sanitization or boundary marking for this input, which could allow malicious code within a file being committed to influence the generated commit categorization. This is located in analyzeChanges at line 125.
  • Ingestion points: git diff output in scripts/commit.ts (lines 53, 62)
  • Boundary markers: Absent
  • Capability inventory: Shell command execution via Bun.spawn (line 14)
  • Sanitization: Absent
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:42 PM