git-commit

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. \n
  • Ingestion points: The SKILL.md file instructs the agent to read git diff and git status output (Preflight step), which contains untrusted data from the repository.\n
  • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or treats instructions within the diff output as data only.\n
  • Capability inventory: The skill has the ability to execute git commit and run local Bash/Python scripts.\n
  • Sanitization: Absent. No filtering or escaping is applied to the diff content before it enters the agent's context.\n- [SAFE]: The skill employs dedicated Python and shell scripts to safely assemble commit messages, which prevents typical shell injection vulnerabilities when handling multiline input.\n- [SAFE]: It requires user confirmation before performing commit actions, adding a layer of oversight for the agent's actions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 07:27 AM
Security Audit — agent-trust-hub — git-commit