conventional-commit

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements robust safety defaults, such as explicitly forbidding 'git add .' and '--no-verify', and requiring user confirmation before performing history rewrites or pushing changes.
  • [DATA_EXPOSURE]: The skill includes a proactive 'Secrets check' step that flags sensitive file patterns (e.g., .env, .pem, .key) and warns the user to exclude them from commits, adhering to security best practices.
  • [COMMAND_EXECUTION]: The skill executes local git commands to manage repository history. It handles complex operations like history rewriting through a guided process that includes safety checks for remote branches and clean working trees.
  • [DYNAMIC_EXECUTION]: A local Python helper script (scripts/rewrite_msg.py) is used to manage commit message mapping during history rewrites. The script performs simple string replacements based on a temporary TSV file and does not utilize unsafe execution patterns like eval() or exec().
  • [PROMPT_INJECTION]: The skill processes untrusted input from the repository (git diffs and logs). While this presents an indirect prompt injection surface, the risk is mitigated by the mandatory 'Show the commit plan' step, which ensures human oversight before any git commands are executed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 05:00 PM