commit-conventions

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform standard development tasks using git commands, including 'git status', 'git diff', 'git add', 'git commit', and 'git config'. These operations are local to the user's environment and are essential for the skill's primary function of version control management.
  • [PROMPT_INJECTION]: The skill processes untrusted repository content which technically presents an indirect prompt injection surface.
  • Ingestion points: Code changes and file contents are read from the repository using 'git diff' and 'git status' (SKILL.md).
  • Boundary markers: The instructions do not explicitly provide delimiters to separate the repository data from the agent's internal instructions.
  • Capability inventory: The agent has the ability to execute shell commands and modify the repository via 'git commit' and 'git add' (SKILL.md).
  • Sanitization: No specific sanitization or validation of the diff content is mandated before processing, although the instructions guide the agent to interpret the 'intent' of changes rather than execute them.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 02:00 AM
Security Audit — agent-trust-hub — commit-conventions