conventional-commit
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute the
git commitcommand automatically without requesting user confirmation (Step 5). This instruction encourages the agent to bypass standard safety protocols and human-in-the-loop review processes. - [COMMAND_EXECUTION]: The workflow relies on shell commands that incorporate variables (type, scope, description) derived from the local environment and file changes. If these fields are populated with unsanitized data from the codebase, it could lead to command injection in the host's terminal.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion point: The agent reads untrusted data from
git diffoutput (SKILL.md, Step 2). 2. Boundary markers: No delimiters or ignore instructions are present to scope the diff content. 3. Capability inventory: The skill uses terminal command execution (git commit). 4. Sanitization: No sanitization or validation of the diff content is performed before generating the commit message.
Audit Metadata