git-version
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard industry practices for version control (Conventional Commits, Semantic Versioning). The shell commands provided (e.g., git commit, git tag, git log) are appropriate and necessary for the described automation tasks.
- [COMMAND_EXECUTION]: The skill enables the agent to perform repository management through Git CLI operations. These operations are scoped to project versioning and do not include high-risk privilege escalation or persistence mechanisms.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a vulnerability surface by processing untrusted data (git diff and git log output) to generate commit messages and release notes.
- Ingestion points: git diff --cached, git log (SKILL.md)
- Boundary markers: Absent
- Capability inventory: git commit, git tag, git push (SKILL.md)
- Sanitization: Absent
- While this surface exists for attackers to influence generated text, it is an inherent part of the summarization task and no active exploitation patterns were found.
- [EXTERNAL_DOWNLOADS]: The skill references vendor-owned resources (youlai/admin Docker image) and standard development tools (husky, standard-version) as part of configuration templates. These are documented for the vendor's ecosystem and do not constitute unsafe external dependencies.
Audit Metadata