conventional-commit-message

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard Git commands (git add -A, git diff --cached, git commit) to manage the repository state. These commands are necessary for the skill's primary purpose and are performed locally without external network exposure.
  • [PROMPT_INJECTION]: The skill analyzes repository changes and user messages, which presents an indirect prompt injection surface. However, the risk is negligible as the skill uses this data only to generate structured commit messages.
    • Ingestion points: Untrusted data enters the agent context via git diff --cached and git diff --cached --stat (SKILL.md).
    • Boundary markers: No explicit delimiters are used to separate repository content from instructions.
    • Capability inventory: The skill can perform git add and git commit and run a local Python script (scripts/validate_commit_header.py).
    • Sanitization: No sanitization is performed on the diff content; the skill relies on the agent's internal logic to parse the changes safely.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 07:21 AM