git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard Git commands (e.g.,
git add,git commit,git push) through theBashtool. These operations are essential to the skill's primary function of version control automation and are performed within the local repository environment. - [DATA_EXFILTRATION]: The skill includes a mandatory, non-skippable 'Secret Scanning' step. This process directs the agent to inspect both staged and unstaged changes for patterns such as API keys, hardcoded credentials, and private keys. This serves as a defensive feature to prevent accidental data exfiltration to remote repositories. The mention of a hardcoded connection string in the skill body is a benign example used to teach the agent what to detect and block.
- [PROMPT_INJECTION]: The instructions utilize directive language (e.g., 'CRITICAL', 'MANDATORY') to enforce security guardrails rather than bypass them. There are no attempts to override system safety filters or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of code diffs and file content from the local repository.
- Ingestion points: Code changes and file metadata are read using
git diffandgit diff --statin SKILL.md. - Boundary markers: The skill uses clear logical steps and descriptive headers to separate instructions from data processing, though it does not use specialized XML-like delimiters for the diff content itself.
- Capability inventory: The agent has access to
Bash(for git commands) andRead(for file access). - Sanitization: The skill explicitly instructs the agent to analyze the diffs for malicious or unintended patterns (secrets) and to stop immediately if any are found, providing a manual layer of verification.
Audit Metadata