commit
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute a local shell script located at `$CLAUDE_PROJECT_DIR/.claude/scripts/generate-reasoning.sh`. This execution pattern relies on a project-specific script whose contents are not defined within the skill itself.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface that could lead to command injection.
  - Ingestion points: Data enters the agent context through `git status` and `git diff` operations which read files from the project repository (SKILL.md).
  - Boundary markers: There are no instructions or delimiters provided to ensure that malicious content within file diffs or names does not influence the agent's behavior during commit message generation.
  - Capability inventory: The skill provides the agent with the capability to execute shell commands via `bash` (SKILL.md).
  - Sanitization: The skill lacks sanitization of the `<commit-message>` variable before it is interpolated into the shell command. If an attacker can influence the commit message via file content to include shell metacharacters (e.g., backticks or subshells), it could result in arbitrary command execution when the reasoning script is invoked.
Audit Metadata