conventional-commit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Workflow steps 5 and 6 explicitly instruct the agent to execute the
git commitcommand automatically and with "no confirmation needed," which bypasses the standard safety practice of requiring user approval for shell operations. - [PROMPT_INJECTION]: The skill uses specific directives to override the agent's default behavior regarding autonomous command execution. Additionally, the skill's workflow ingests untrusted data from
git diff, which could be used for indirect prompt injection. Ingestion points: Data enters via thegit statusandgit diffcommands mentioned in the workflow. Boundary markers: There are no markers or delimiters defined to isolate the diff content from the agent's instructions. Capability inventory: The skill can execute shell commands (git commit). Sanitization: No validation or sanitization of the diff content is specified, allowing content in the repository to potentially influence the agent's behavior.
Audit Metadata