commit-history
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with an external endpoint defined by the
$AGENTMEMORY_URLenvironment variable to fetch commit history. This is a primary function of the skill. - [CREDENTIALS_UNSAFE]: The skill utilizes the environment variable
$AGENTMEMORY_SECRETto authenticate its requests. Accessing secrets from environment variables is a standard and recommended practice for agent skills. - [DATA_EXFILTRATION]: The skill ingests commit data from an external source (MCP tool or HTTP endpoint) and renders it into the agent's context. This presents a potential surface for indirect prompt injection if commit messages contain malicious instructions.
- Ingestion points: Data returned from the
memory_commitsMCP tool or the GET request to$AGENTMEMORY_URL(referenced inSKILL.md). - Boundary markers: Absent; the skill renders the commit list directly without explicit delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill only has the capability to render text; it does not include scripts, subprocess calls, or file-system writes.
- Sanitization: The skill implements good practices by URL-encoding outgoing parameters (
branch,repo,limit) to prevent parameter injection, though it does not specify sanitization for the retrieved commit messages.
Audit Metadata