git-commit

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git commands (status, diff, branch, log, rev-parse, commit) and the gh CLI to manage repository state and retrieve metadata.
  • [EXTERNAL_DOWNLOADS]: Fetches repository configuration such as the default branch name from GitHub's official service using the gh tool.
  • [PROMPT_INJECTION]: To generate commit messages, the skill ingests untrusted data from the repository's git diff and logs, and that data could contain malicious instructions.
      • Ingestion points: Output from git diff HEAD, git log, and local project files (e.g., AGENTS.md).
      • Boundary markers: No specific delimiters are used to separate ingested content from the agent's instructions.
      • Capability inventory: Execution of shell commands through the git and gh CLIs.
      • Sanitization: No sanitization is performed on the content retrieved from the repository before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 06:39 AM
Security Audit — agent-trust-hub — git-commit