Skills
skills/mbaptista10/skills/semantic-commits/Gen Agent Trust Hub

semantic-commits

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git commands to perform its core functions. It uses git log and git diff to analyze context, and git reset, git add, and git commit to manipulate the repository state. These commands are necessary for the skill's purpose and are executed locally.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes file content via git tools.
  • Ingestion points: Untrusted data enters the agent's context through git diff --cached -- <file> in SKILL.md (Step 1).
  • Boundary markers: A strict boundary is established in Step 3, where the agent is instructed to stop and ask: 'Approve these groups?' and explicitly 'Do NOT proceed until explicit confirmation.'
  • Capability inventory: The skill has the capability to write to the repository using git add and git commit as defined in Step 4.
  • Sanitization: While there is no automated sanitization of file content, the mandatory human-in-the-loop confirmation step before execution serves as a manual sanitization and validation mechanism.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 05:59 PM