git-commit-workflow

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements standard git workflows and promotes secure shell practices by recommending the use of HEREDOCs for commit messages to prevent accidental command expansion or shell injection.
  • [COMMAND_EXECUTION]: The skill executes git and GitHub CLI (gh) commands to manage repository state and retrieve metadata. It includes a bundled bash script (scripts/commit-context.sh) that aggregates local context such as branch name, staging status, and recent log history.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted data from GitHub issues.
    • Ingestion points: The scripts/commit-context.sh script fetches issue titles and labels via gh issue list.
    • Boundary markers: Absent; the issue data is piped directly into the context output.
    • Capability inventory: Access to Bash and Read tools as defined in SKILL.md for repository modification.
    • Sanitization: Absent; the titles and labels of external issues are processed without filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 05:54 AM