git-commit-smart
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: A thorough review of the skill's instructions and commands revealed no malicious patterns, obfuscation, or unauthorized access attempts.
- [COMMAND_EXECUTION]: The skill utilizes standard Git commands (
git diff,git add,git commit) that are appropriate and necessary for its intended use case of managing version control metadata. - [DATA_EXFILTRATION]: The skill actively promotes security by instructing the agent to ensure secrets like passwords and API keys are not included in commits.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted data from staged changes (
git diff --staged) to generate commit messages. However, the risk is negligible as the output is restricted to commit message generation. - Ingestion points: staged changes via
git diff --staged. - Boundary markers: Absent.
- Capability inventory:
git commit(limited to message generation). - Sanitization: Absent.
Audit Metadata