commit

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes file diffs and contents to generate commit messages, creating an attack surface for indirect prompt injection where instructions embedded in code could influence the agent.
  • Ingestion points: File diffs and content read via git diff and the Read tool.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflow.
  • Capability inventory: Includes Bash, Read, Glob, and Grep tools as specified in SKILL.md.
  • Sanitization: No sanitization or validation is performed on the code content being analyzed.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands, including git commit -m using messages derived from analyzed content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 08:10 AM
Security Audit — agent-trust-hub — commit