Skills
skills/martinffx/atelier/code-conventional-commit/Gen Agent Trust Hub

code-conventional-commit

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands (git status, git diff --staged, and git commit -m) to manage the version control workflow as described in its primary operations.
  • [EXTERNAL_DOWNLOADS]: The file workspace/iteration-1/report.html references an external JavaScript library (xlsx.full.min.js) from cdn.sheetjs.com to provide spreadsheet rendering capabilities for the evaluation reports.
  • [PROMPT_INJECTION]: The skill analyzes repository changes via git diff, which creates a surface for indirect prompt injection where malicious instructions embedded in a staged file could attempt to influence the agent's behavior during commit message generation.
  • Ingestion points: Untrusted content from the user's workspace is read into the agent's context using git diff --staged in SKILL.md.
  • Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded commands within the diff content.
  • Capability inventory: The skill has the authority to execute shell commands, specifically git commit -m, as defined in SKILL.md.
  • Sanitization: There is no explicit sanitization or filtering of the content retrieved from the git diff before it is processed by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 08:00 AM
Security Audit — agent-trust-hub — code-conventional-commit