git-commit-trailers
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security concerns were detected. The skill uses standard Git commands for repository metadata management and follows established development practices.
- [INDIRECT_PROMPT_INJECTION]: The skill reads commit messages from the Git log to parse trailers. Although commit messages are untrusted data, the skill uses structured parsing tools like git interpret-trailers and filtering utilities like grep, sort, and uniq, which prevents the agent from executing instructions embedded in commit text.
  - Ingestion points: Commit logs via git log in SKILL.md
  - Boundary markers: Absent
  - Capability inventory: git log, git interpret-trailers, git config
  - Sanitization: Absent
Audit Metadata