commit
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes Git commands to manage local repository state and commits. This includes using dynamic context injection in the SKILL.md to retrieve the current repository status via `git status` and `git diff` at load time.
- [COMMAND_EXECUTION]: Runs a bundled Python script (`scripts/validate.py`) to perform local code validation using tools like `npm`, `cargo`, or `ruff`. The script uses hardcoded commands for these tools and does not expose arbitrary command execution vectors through shell injection.
- [PROMPT_INJECTION]: Processes local repository diffs and file names as input for logical grouping of commits. The ingestion of this untrusted data is restricted to organizational tasks and does not influence critical security boundaries or grant high-privilege access.
Audit Metadata