commit
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs standard version control tasks using the `git` command-line tool. All operations align with the stated purpose of the skill.
- [DATA_EXPOSURE]: The skill includes a specific safety instruction: 'Do NOT include files that may contain secrets (.env, credentials, tokens, etc.)', which helps prevent accidental leakage of sensitive information during the commit process.
- [COMMAND_EXECUTION]: Usage of shell commands is scoped to the `git` binary as specified in the `allowed-tools` frontmatter, providing a restricted execution environment.
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes file diffs (external untrusted data) to generate commit messages. While this presents a surface for indirect prompt injection, the skill provides detailed heuristics and multi-step logic ('Task' and 'Commit Message Convention' sections) that guide the agent's reasoning, mitigating the risk of following instructions embedded within code changes.
Audit Metadata