commit
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard Git commands including `git diff`, `git log`, and `git commit` to perform its primary function.
- [DATA_EXPOSURE]: The skill accesses local file contents through `git diff` and `git log` to generate commit messages, which is necessary for its stated purpose. It includes a protective instruction to avoid committing sensitive files like `.env` or credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (code diffs) which could theoretically contain malicious instructions.
  - Ingestion points: Untrusted data enters the context through `git diff` output as described in `SKILL.md`.
  - Boundary markers: None explicitly defined to separate diff content from instructions.
  - Capability inventory: The skill has the capability to execute shell commands (`git commit`) and read files.
  - Sanitization: No specific sanitization or escaping of the diff content is mentioned.
Audit Metadata