commit-work

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a standard git workflow using local commands such as git status, git diff, and git add. These operations are restricted to the local environment and are standard for developer tools.
  • [DATA_EXPOSURE]: The skill incorporates proactive safety steps to prevent the accidental exposure of sensitive information. It explicitly instructs the agent to review staged changes for secrets, tokens, or accidental debug logging before finalizing a commit.
  • [COMMAND_EXECUTION]: The workflow involves executing standard git operations and running local repository tests (e.g., unit tests or linting). These actions are aligned with the skill's primary purpose of ensuring code quality and commit standards.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data in the form of code diffs, which represents a potential attack surface for indirect prompt injection. However, the risk is mitigated by the structured, multi-step workflow, which requires the agent to perform specific validation tasks, reducing the likelihood that it obeys embedded instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 02:57 PM