Skills
skills/generaljerel/chalk-skills/create-commit-message/Gen Agent Trust Hub

create-commit-message

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection from processed data.\n
  • Ingestion points: Untrusted data enters the agent context through git diff output, git log history, and project-specific documentation files (e.g., .chalk/docs/engineering/) as defined in Workflow steps 1, 2, and 4.\n
  • Boundary markers: The instructions lack explicit delimiters or specific prompts telling the model to disregard embedded commands or instructions within the analyzed code or files.\n
  • Capability inventory: The skill is authorized to use Bash for git operations and Read for file access, which represent the potential impact surface of an injection.\n
  • Sanitization: There is no evidence of escaping, validation, or filtering of the external content before it is processed by the model to generate output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 08:10 AM
Security Audit — agent-trust-hub — create-commit-message