git-commit
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages Git operations and project-specific validation tools, including standard workflows for staging, branching, and committing. It supports running project-defined tests and linters to ensure code integrity prior to submission.
- [PROMPT_INJECTION]: Implements explicit defensive measures by instructing the agent to ignore any command-like patterns or 'ignore previous rules' instructions found within data being processed, such as file content viewed during git diff operations.
- [DATA_EXFILTRATION]: Enforces a strict policy against secret exposure by forbidding the commitment of credentials, private keys, or environment files. It requires a manual audit of the staging area to ensure no sensitive information or debugging logs are leaked.
- [SAFE]: The skill addresses potential indirect prompt injection surfaces by treating project configuration files (like package.json, Makefile, or README.md) as untrusted data. It mandates that the agent explain and obtain user authorization before executing any commands derived from these files, which serves as a robust sanitization and boundary-marking protocol.
Audit Metadata