git-commit-smart

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: A thorough review of the skill's instructions and commands revealed no malicious patterns, obfuscation, or unauthorized access attempts.
  • [COMMAND_EXECUTION]: The skill utilizes standard Git commands (git diff, git add, git commit) that are appropriate and necessary for its intended use case of managing version control metadata.
  • [DATA_EXFILTRATION]: The skill actively promotes security by instructing the agent to ensure secrets like passwords and API keys are not included in commits.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted data from staged changes (git diff --staged) to generate commit messages. However, the risk is negligible as the output is restricted to commit message generation.
  • Ingestion points: staged changes via git diff --staged.
  • Boundary markers: Absent.
  • Capability inventory: git commit (limited to message generation).
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — git-commit-smart