git-commits

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill explicitly instructs the agent to remove Claude attribution so commits "appear user‑authored" and to hide provenance (and run opaque scripts), which is a deceptive instruction outside legitimate commit-helper behavior.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs removing AI attribution and replacing normal git commits with a wrapper so AI-generated changes appear user-authored—deliberate provenance tampering and deceptive behavior (high risk), though it does not show direct network exfiltration, credential theft, or remote-code backdoors.