Skills
skills/nesnilnehc/ai-cortex/commit-work/Gen Agent Trust Hub

commit-work

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git commands for staging and committing, and runs project-specific validation tools such as npm test or custom verification scripts.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data in the form of code diffs, which could potentially contain adversarial instructions intended to influence the agent's behavior during the commit process.
  • Ingestion points: git diff and git diff --cached output processed in SKILL.md.
  • Boundary markers: None used to isolate untrusted diff content from the skill's instructions.
  • Capability inventory: Includes git commit operations and execution of arbitrary shell commands for testing.
  • Sanitization: No explicit sanitization or validation of diff content is performed.
  • [EXTERNAL_DOWNLOADS]: The documentation references external repositories for its origin and integrated components.
  • Evidence: References to the anthropics/skills repository and the nesnilnehc/ai-cortex project for provenance and integrated pre-commit reviews.
  • [SAFE]: The skill adopts security-positive practices by instructing the agent to actively check for sensitive data (secrets, tokens, or debug logs) before finalizing any commits.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 11:15 AM