use-conventional-commits
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs git operations (status, diff, add, commit) using standard CLI tools. It employs a shell heredoc with a quoted delimiter ('EOF') to safely handle commit messages, which stops the shell from performing expansions or command substitution on the message body, so the content of the message cannot be interpreted as commands.
- [PROMPT_INJECTION]: The skill handles untrusted file content and diffs to generate summaries, presenting a surface for indirect prompt injection.
  - Ingestion points: Diff data from 'git diff' and file contents read directly in Step 3.
  - Boundary markers: The skill lacks automated boundary markers but enforces a human-in-the-loop review in Step 5 before committing.
  - Capability inventory: 'git add -A' and 'git commit' in Step 6.
  - Sanitization: No explicit sanitization of diff content is performed.
- [DATA_EXFILTRATION]: The skill's scope is limited to local git operations. It explicitly forbids network operations like 'git push', preventing data from leaving the local environment.
- [SAFE]: The instructions include 'Hard Rules' that prevent common security pitfalls, such as committing credentials or performing destructive history rewrites.
Audit Metadata