git-visual-commits

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using the git CLI, including git status, git diff, git log, and git commit with multi-line message arguments.
  • [COMMAND_EXECUTION]: Performs persistent system-level configuration changes by executing git config --global to establish an alias for bot identity management.
  • [PROMPT_INJECTION]: Exposes an indirect prompt injection surface by instructing the agent to ingest and analyze untrusted content from git diff outputs during the commit classification phase.
      • Ingestion points: git diff and git status (SKILL.md).
      • Boundary markers: None specified for the interpolation of diff content.
      • Capability inventory: git commit, git log, git config.
      • Sanitization: Includes post-commit validation of the log output for escape sequences but lacks pre-processing or isolation of the input diff data.
  • [COMMAND_EXECUTION]: Implements an 'auto-approval' mode (triggered by 'yolo' or 'auto') that allows the agent to execute a sequence of git staging and commit operations without direct human oversight for each step.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 01:55 PM