commit
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability. The skill ingests untrusted data from git diff output and uses it to generate commit messages and commands. An attacker could embed instructions in a file's content that, when diffed, might influence the agent to deviate from its intended behavior.
- Ingestion points: Git diff output from staged or unstaged changes (Step 1 in SKILL.md).
- Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands within the diff content.
- Capability inventory: Shell command execution via git commit (Step 4 in SKILL.md).
- Sanitization: None. The diff content is used directly to derive the commit message subject and body.
- [COMMAND_EXECUTION]: The skill executes shell commands to perform its core tasks. Specifically, it defaults to using the -n (--no-verify) flag during git commit, which skips pre-commit hooks. This behavior can lead to bypassing security-critical hooks, such as secret scanners or linters, which the user might expect to run before a commit is finalized.
Audit Metadata