wenyan-commit-message

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git diff --cached and git diff to retrieve repository changes. These commands are used as read-only operations to inform the content of the commit message.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on external data (Category 8).
    • Ingestion points: The skill ingests untrusted data from the local repository's diff output as specified in the Workflow section of SKILL.md.
    • Boundary markers: No delimiters or safety instructions are defined to separate the diff content from the agent's core instructions.
    • Capability inventory: The skill's primary capability is text analysis and generation based on the provided diff.
    • Sanitization: The skill does not implement sanitization or validation of the ingested diff data before processing.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 12, 2026, 12:29 PM