git-commit
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard git operations (diff, add, commit) for managing conventional commits. It contains explicit safety protocols forbidding destructive commands like hard resets or force pushes, and specifically instructs the agent never to commit sensitive files such as .env or private keys.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from local file diffs (
git diff) to generate commit messages. This creates a surface where malicious content inside a codebase could attempt to influence the agent's message generation. However, the impact is limited as the output is restricted to a commit message string and the risk is mitigated by the agent's internal safety filters. - Ingestion points: Reads output from
git diffandgit diff --stagedin SKILL.md. - Boundary markers: None explicitly defined for the diff content processing.
- Capability inventory: Executes
git addandgit commitvia the Bash tool. - Sanitization: No specific sanitization or escaping of diff content is mentioned before interpolation into the prompt for message generation.
Audit Metadata