commit-changes
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to interact with the local git repository (e.g.,git status,git diff,git commit). This is the primary and intended purpose of the skill. The instructions emphasize that the agent must only perform actions explicitly requested or delegated by the user, and it explicitly forbids dangerous operations like force-pushing or rebasing without permission. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from the local environment to generate commit messages and verify changes.
- Ingestion points: The skill reads data from
git status,git diff, and file contents via theReadtool. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill has access to
Bash(allowing shell command execution),Read(allowing file system access), andAskUserQuestion(interaction with the user). - Sanitization: No sanitization or filtering of the ingested file content is performed before processing.
- Risk Assessment: Despite the presence of this attack surface, the risk is assessed as LOW because the skill's instructions mandate a 'Confirm permission' step and 'Confirm scope' step, ensuring a human-in-the-loop review before any commands are executed.
Audit Metadata