yy-frontend-commit

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple Git commands (git status, git diff, git add, git commit) to analyze project state and perform version control operations. While these are necessary for its primary purpose, they involve direct shell interaction.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and analyzes file content via git diff and git diff --staged. Malicious instructions embedded in comments or strings within the code being analyzed could influence the agent's summary or behavior.
      ◦ Ingestion points: Project file contents accessed through git diff commands.
      ◦ Boundary markers: Absent. The instructions do not specify a delimiter or a directive to ignore instructions found within the code changes.
      ◦ Capability inventory: Shell command execution via the Git CLI, including git add and git commit.
      ◦ Sanitization: Absent. The skill does not sanitize the output of the diff commands before processing them as natural language context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:33 AM