split-commit
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several read-only Git commands (
git branch,git status,git log,git diff) to inspect the repository state. This is necessary for its primary function and does not include mutating operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from the repository being analyzed.
- Ingestion points: Data is ingested via
git diff,git status,git log, and the.githooks/commit-msgfile. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content within the diffs or commit messages.
- Capability inventory: The agent can execute shell commands (
gitCLI) and generate PowerShell scripts for the user. - Sanitization: No evidence of sanitization or validation of the ingested repository content before it is used to generate the final script.
Audit Metadata