conventional-commits
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard git commands (git diff, git log, git show) to retrieve repository metadata and file changes. These commands are used in a read-only manner and are essential for the skill's primary functionality of generating commit messages.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local repository by reading file diffs. This constitutes a potential attack surface if malicious instructions are embedded in the code changes being analyzed, though the risk is inherent to tools that analyze user-provided code.
- Ingestion points: Workflow steps in SKILL.md that read output from git diff --staged and git log.
- Boundary markers: Absent; the diff content is directly incorporated into the agent's context without specific delimiters or isolation instructions.
- Capability inventory: The skill is restricted to read-only git commands and lacks network access or file system modification permissions.
- Sanitization: The skill does not perform validation or sanitization on the content of the diffs.
Audit Metadata