git-commit
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Key principles' section includes an instruction ('Self-directed decisions') that commands the agent to bypass user confirmation. It states 'Do not ask the user; make decisions independently' and 'Do not pause to ask the user' for staging and committing tasks. This instruction attempts to override default safety protocols that usually require human-in-the-loop review for file modifications.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (file names and contents) from the local repository to automate its workflow.
  - Ingestion points: Local file system state and file metadata accessed via `git status --porcelain` and `git log` in `SKILL.md`.
  - Boundary markers: Absent. No instructions are provided to use delimiters or to treat repository data as untrusted.
  - Capability inventory: File staging (`git add`), committing (`git commit`), and updating configuration files (`echo >> .gitignore`) as defined in `SKILL.md`.
  - Sanitization: Absent. There is no mention of validating or escaping ingested data before it is used in commands or prompts.
- [COMMAND_EXECUTION]: The skill relies on shell commands to interact with the local Git environment. While commands like `git add`, `git commit`, and `git status` are appropriate for the skill's purpose, the instruction to execute these autonomously increases the risk that malicious repo content could trigger unintended actions.
Audit Metadata