git-commit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard Git commands (`git diff`, `git status`, `git add`, `git commit`) to facilitate source control workflows.
- [DATA_EXFILTRATION]: The skill analyzes file diffs to generate commit messages. It explicitly instructs the agent to never commit secrets such as `.env` files, credentials, or private keys, which mitigates the risk of accidental data exposure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and analyzes untrusted data from the user's local workspace (git diffs) to determine commit types and messages. This is a known risk for any skill that processes external content, though the skill does not grant the agent capabilities that would allow for high-impact exploitation in this context.
Audit Metadata