checkpoint
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development scripts including `npm run lint`, `npm run build`, and `npm run type-check` (or `npx tsc`). These are routine operations within a development environment and align with the skill's stated purpose of verifying code quality before committing.
- [DATA_EXPOSURE]: While the skill stages all changes with `git add -A`, it explicitly directs the agent to identify and exclude sensitive files such as `.env` and credentials, adhering to security best practices for version control management.
- [PROMPT_INJECTION]: The skill processes untrusted data from `git log` and `git diff` to generate commit messages. This represents an indirect prompt injection surface.
  - Ingestion points: SKILL.md Step 1 calls `git log` and `git diff` to analyze repository context.
  - Boundary markers: No explicit markers are provided for the ingested git data.
  - Capability inventory: The skill has the capability to execute shell commands (git, npm) as specified in SKILL.md.
  - Sanitization: No sanitization is performed on the data ingested from the git repository before it is used to influence the commit message creation.
Audit Metadata