commit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection via project-specific configuration files.
  - Ingestion points: The skill reads configuration from `<git-commit-config>` within the `CLAUDE.md` file located in the project repository.
  - Boundary markers: Absent. There are no explicit delimiters or warnings to prevent the agent from treating instructions in `CLAUDE.md` as system-level overrides.
  - Capability inventory: The skill can execute `git` commands, a `node` validation script with interpolated arguments, and arbitrary shell commands for quality checks (linting, testing).
  - Sanitization: Absent. Configuration flags and 'extra-instructions' from `CLAUDE.md` are used directly in the workflow without validation or escaping.
- [COMMAND_EXECUTION]: Potential for arbitrary command execution during the automated quality gate process.
  - Ingestion points: The agent is instructed to 'determine what checks apply' by inspecting the codebase, which includes reading potentially malicious scripts in `package.json`, `Makefile`, or other build configurations.
  - Boundary markers: Absent. The agent relies on its own assessment of the untrusted project files to decide which commands to run.
  - Capability inventory: Full shell access to execute build, lint, and test tools as part of the pipeline.
  - Sanitization: Absent. If a repository contains a malicious test script, the agent may execute it as part of the 'Quality Gate' step.
Audit Metadata