Skills
skills/trevors/dot-claude/cleaning-commit-history/Gen Agent Trust Hub

cleaning-commit-history

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and jj (Jujutsu) shell commands to perform history rewriting operations, including git reset --mixed, git branch, and jj squash. These are the primary functions of the skill and include a safety step (Phase 0) to create backups or utilize the VCS oplog.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes external, potentially attacker-influenced data.
  • Ingestion points: Processes data from git log and git diff outputs, including commit messages and code changes in SKILL.md (Phases 1-3).
  • Boundary markers: No specific delimiters or instructions are used to distinguish between commit data and agent instructions.
  • Capability inventory: Performs filesystem-modifying operations via git/jj subcommands throughout SKILL.md.
  • Sanitization: No sanitization or validation of commit message content is performed before the agent uses the content to classify and reorganize the history.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 06:37 PM
Security Audit — agent-trust-hub — cleaning-commit-history