commit
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection in
SKILL.mdto execute shell commands such asgit status,git diff,git branch, andgit logat load time. These operations are used to populate the agent's context with relevant repository information and are benign in this workflow. - [COMMAND_EXECUTION]: To ensure commit quality, the skill instructs the agent to run project-specific scripts including
pnpm build,pnpm test, and various linting tools (pnpm lint:eslint, etc.). This is the primary intended behavior of the skill and follows standard development practices. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the repository's git history and file diffs.
- Ingestion points: Real-time git status, diff, and log output captured in
SKILL.mdvia dynamic context injection. - Boundary markers: Absent; the shell output is interpolated directly into the agent's context without delimiters or instructions to ignore embedded content.
- Capability inventory: The skill has the capability to stage files and execute various shell commands through
pnpmandgitas described inSKILL.md. - Sanitization: No sanitization or escaping of the ingested git data is performed prior to processing.
Audit Metadata