yy-commit
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Git CLI commands (git status, git diff, git add, git commit) to manage the repository state. These are standard operations for the tool's purpose.
- [SAFE]: Implements explicit safety checks for sensitive files, instructing the agent to warn the user if credentials, environment variables (.env), or private keys (*.key, *.pem) are detected in the change set.
- [SAFE]: Enforces a mandatory confirmation step, preventing the agent from autonomously committing code without explicit user approval of the files and the commit message.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the project's source code (via git diff) and history. While this presents a potential injection surface, the risk is mitigated by the fact that the output (a commit message) is reviewed by a human before any execution occurs.
- [DATA_EXPOSURE]: Reads local file differences and commit history to generate summaries. This information is restricted to the local context and is not transmitted to external domains.
Audit Metadata