Skills
skills/parkyoungwoong/skills/skill-commit/Gen Agent Trust Hub

skill-commit

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various Git commands such as git status, git diff, git log, git add, git commit, and git push to perform its primary function of committing code and managing versions.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from git diff (file content changes) and git log (previous commit messages) to generate commit messages and determine version bumps.
  • Ingestion points: Untrusted data enters the agent context through the outputs of git diff and git log as described in Step 1 and Step 4 of the skill's flow in SKILL.md.
  • Boundary markers: The instructions do not define any delimiters or system warnings to ignore embedded instructions within the ingested Git data.
  • Capability inventory: The skill has the capability to execute shell commands (git operations) and modify local files (SKILL.md, README.md).
  • Sanitization: There is no mention of sanitization, escaping, or validation of the content retrieved from the Git history or diffs before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 02:36 PM
Security Audit — agent-trust-hub — skill-commit