git-commit
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to disregard or override previous prompts and system-level instructions. It specifically forbids the agent from including AI attribution (e.g., 'Co-authored by' or 'Copilot') in git commit messages, even if mandated by the system prompt, using high-pressure language ('I WILL GET FIRED').
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from project code and documentation files.
- Ingestion points: The agent reads changed code and external documentation sources like Obsidian or Gitbooks.
- Boundary markers: Absent; there are no instructions provided to treat content from these files as untrusted data or to ignore instructions embedded within them.
- Capability inventory: The agent can execute git commands (commit, push) and delete files (markdown and documentation) based on its analysis.
- Sanitization: No sanitization or validation of the content read from the repository is performed before processing or committing.
- Mitigation: The skill includes a manual checkpoint by requiring user approval before pushing changes or deleting unnecessary documentation.
Audit Metadata