commit
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill explicitly implements safety rules that prevent the agent from staging or committing sensitive files like .env, credentials, or secrets, instructing it to warn the user if such files are detected.- [COMMAND_EXECUTION]: The skill uses local Git commands (add, status, diff, log, commit) to perform its primary function. All state-altering commands, specifically the final commit, require explicit user verification through a question tool.- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes untrusted data from the Git repository.
- Ingestion points: Local repository data read via git status, git diff --staged, and git log in SKILL.md.
- Boundary markers: None are explicitly defined in the instructions.
- Capability inventory: Repository state changes via git add and git commit in SKILL.md.
- Sanitization: The skill contains instructions to identify and exclude credentials and environment files. The primary mitigation is the mandatory human-in-the-loop confirmation step before any commit is executed.
Audit Metadata