commit-context

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates the user-provided $ARGUMENTS directly into shell commands such as git blame and git log. An attacker could craft input containing shell metacharacters (e.g., ;, &, |, or backticks) to execute unauthorized commands on the host system.
  • [DATA_EXFILTRATION]: The skill is configured to send a sensitive authorization token ($AGENTMEMORY_SECRET) via an HTTP GET request to a variable URL ($AGENTMEMORY_URL). If the environment variables point to an untrusted or external endpoint, this results in the exfiltration of credentials.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing output from git and MCP tools without validation or boundary markers. This could allow malicious instructions embedded in commit messages to influence the agent's behavior. Evidence chain: ingestion points (git blame/log output, MCP results); boundary markers (absent); capability inventory (shell execution via git, network GET); sanitization (none).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 20, 2026, 11:08 AM
Security Audit — agent-trust-hub — commit-context