commit
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions to deliberately bypass local environment security controls. Specifically, it directs the agent to create a marker file (
.commit-skill-active) within a temporary directory to suppress the execution of thegit-commit-blockhook. This represents a policy override pattern designed to circumvent established workflow constraints. - [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the repository's filesystem and git CLI. It performs directory creation (
mkdir -p), file creation (touch), and deletion (rm -f) based on the output of command substitution ($(git rev-parse --show-toplevel)). While functional, these operations are used to implement the security hook bypass. - [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection (Category 8):
- Ingestion points: The agent ingests untrusted data from the local repository using
git diff --cachedandgit diffduring the 'Analyze Changes' phase. - Boundary markers: There are no boundary markers or instructions to treat the ingested diff content as data rather than instructions.
- Capability inventory: The skill possesses the capability to modify the repository state via
git addandgit commitcommands. - Sanitization: No sanitization or escaping is performed on the content extracted from file diffs before it is interpolated into the prompt for commit message generation.
Audit Metadata