autommit
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs standard git commands (git add and git commit) to manage repository changes.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates external file data and user arguments into its logic.
  - Ingestion points: Untrusted data enters the agent context through repository files and the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: There are no delimiters or instructions to treat ingested data as non-executable text.
  - Capability inventory: The agent has access to file system operations through git commands.
  - Sanitization: The skill does not implement validation or sanitization to filter out potentially malicious instructions in the files being committed.
Audit Metadata