git-commit
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local development commands such as `git status`, `git diff`, `git add`, and `git commit`. It also dynamically executes project-specific linting tools including `npm run lint`, `ruff check`, `make lint`, `rubocop`, and `golangci-lint` based on the detected project configuration.
- [DATA_EXPOSURE]: The skill reads repository state and file differences (`git diff`) to summarize changes. It also checks for the existence of configuration files like `package.json` or `pyproject.toml` to determine the project type.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from `git diff` outputs. An attacker could potentially embed malicious instructions within code comments or documentation in a pull request to influence the generated commit message or the semantic analysis performed by the parallel agents.
  - Ingestion points: git diff output (SKILL.md)
  - Boundary markers: Absent. The prompts for semantic and breaking change analysis do not use specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: Shell command execution (git, npm, ruff, etc.) and file writing via `TodoWrite` (SKILL.md).
  - Sanitization: None detected. The skill directly interpolates diff content into analysis prompts.