commit-context
Fail
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates the user-provided `$ARGUMENTS` directly into shell commands such as `git blame` and `git log`. An attacker could craft input containing shell metacharacters (e.g., `;`, `&`, `|`, or backticks) to execute unauthorized commands on the host system.
- [DATA_EXFILTRATION]: The skill is configured to send a sensitive authorization token (`$AGENTMEMORY_SECRET`) via an HTTP GET request to a variable URL (`$AGENTMEMORY_URL`). If the environment variables point to an untrusted or external endpoint, this results in the exfiltration of credentials.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing output from `git` and MCP tools without validation or boundary markers. This could allow malicious instructions embedded in commit messages to influence the agent's behavior. Evidence Chain: Ingestion points (`git blame`/`git log` output, MCP results); Boundary markers (absent); Capability inventory (shell execution via `git`, network GET); Sanitization (none).
Recommendations
- AI detected serious security threats
Audit Metadata