skills/duc01226/easyplatform/commit/Gen Agent Trust Hub

commit

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions to deliberately bypass local environment security controls. Specifically, it directs the agent to create a marker file (.commit-skill-active) within a temporary directory to suppress the execution of the git-commit-block hook. This represents a policy override pattern designed to circumvent established workflow constraints.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the repository's filesystem and git CLI. It performs directory creation (mkdir -p), file creation (touch), and deletion (rm -f) based on the output of command substitution ($(git rev-parse --show-toplevel)). While functional, these operations are used to implement the security hook bypass.
  • [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection (Category 8):
  • Ingestion points: The agent ingests untrusted data from the local repository using git diff --cached and git diff during the 'Analyze Changes' phase.
  • Boundary markers: There are no boundary markers or instructions to treat the ingested diff content as data rather than instructions.
  • Capability inventory: The skill possesses the capability to modify the repository state via git add and git commit commands.
  • Sanitization: No sanitization or escaping is performed on the content extracted from file diffs before it is interpolated into the prompt for commit message generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 09:18 AM
Security Audit — agent-trust-hub — commit