commit
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the repository code and diffs.
  - Ingestion points: Repository diffs and status information are read using git diff and git status (SKILL.md).
  - Boundary markers: No explicit delimiters or isolation instructions are provided to separate the diff content from agent instructions.
  - Capability inventory: The skill has the capability to modify repository state using git add and git commit (SKILL.md).
  - Sanitization: No sanitization or validation is applied to the ingested diff content before it is used to generate commit headers and bodies.
- [COMMAND_EXECUTION]: The skill uses a restricted subset of local git commands to perform its duties.
  - Evidence: Use of git status, git diff, git add, and git commit (SKILL.md).
  - Context: The skill instructions emphasize staying within a safe subset of commands and treat staging and committing as actions requiring human approval or human-in-the-loop oversight.
Audit Metadata