releasenotes
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from git commit logs.
- Ingestion points: Commit subjects and bodies are ingested into the agent context via
git login SKILL.md. - Boundary markers: There are no specific delimiters or instructions provided to the agent to ignore potentially malicious content embedded within the commit messages.
- Capability inventory: The skill executes shell commands (
git config,git log) to retrieve repository data. - Sanitization: The skill lacks validation or sanitization of the commit data before it is processed and summarized.
- [COMMAND_EXECUTION]: The skill performs shell command execution using user-provided inputs without explicit validation.
- Evidence: User-supplied arguments
<fromVersion>and<toVersion>are interpolated directly into thegit logcommand in SKILL.md. Maliciously crafted version strings could be used to manipulate the command's execution or attempt command injection.
Audit Metadata