Skills
skills/coderfee/ai/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands including git status, git diff, git add, git commit, and git push to automate version control workflows.
  • [DATA_EXFILTRATION]: The skill triggers git push, which transmits local repository data to a configured remote server. This is the intended behavior for synchronizing code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the local repository.
  • Ingestion points: The agent reads the output of git diff (referenced in SKILL.md).
  • Boundary markers: Absent; there are no instructions to ignore embedded prompts in the diff output.
  • Capability inventory: The skill allows command execution and network operations via git commit and git push (referenced in SKILL.md).
  • Sanitization: Absent; the skill does not sanitize or filter code changes before using them to generate commit messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:18 PM