ito-commit
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands (`git status`, `git diff`, `git log`, `git add`, `git commit`) to perform its primary function. Every destructive action is preceded by a required user confirmation step, as seen in Step 8.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the contents of local files via git diffs and logs to generate commit messages.
  - Ingestion points: `SKILL.md` (Step 2 and Step 5) through git output.
  - Boundary markers: Absent; the skill filters some metadata but does not use formal delimiters to isolate ingested file content.
  - Capability inventory: The skill has the ability to execute `git add` and `git commit` based on its processing.
  - Sanitization: Absent; the file content is used without sanitization to influence AI behavior.
- [SAFE]: The skill proactively implements security measures by scanning for sensitive file patterns (e.g., `.env`, `.key`, `credentials`) in Step 4 and requiring confirmation before adding untracked files in Step 2.5. It also avoids executing `git push`, reducing the risk of accidental data exfiltration.
Audit Metadata