git-commit
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates standard git workflows by assisting with the formatting of commit messages based on repository metadata and staged diffs.
- [COMMAND_EXECUTION]: The skill uses
gitcommands (branch, log, diff, status) to gather context about the project's current state. The final action involves executinggit commitwith arguments constructed from user-approved text. These operations are well-scoped to the skill's intended purpose. - [PROMPT_INJECTION]: The skill reads data from
git diff, which could potentially contain adversarial content designed to influence the agent (indirect prompt injection). However, the skill explicitly requires the agent to present commit message options to the user and wait for a manual selection or confirmation before executing the commit, providing a robust human-in-the-loop defense.
Audit Metadata