split-commit

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several read-only Git commands (git branch, git status, git log, git diff) to inspect the repository state. This is necessary for its primary function and does not include mutating operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from the repository being analyzed.
  • Ingestion points: Data is ingested via git diff, git status, git log, and the .githooks/commit-msg file.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content within the diffs or commit messages.
  • Capability inventory: The agent can execute shell commands (git CLI) and generate PowerShell scripts for the user.
  • Sanitization: No evidence of sanitization or validation of the ingested repository content before it is used to generate the final script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:57 PM
Security Audit — agent-trust-hub — split-commit