Commit code safe and nice

Security checks across malware telemetry and agentic risk

Overview

This Git commit helper is mostly coherent, but it should be reviewed because it can automatically rebase, broadly stage files, and create persistent repository changes without clear confirmation gates.

Install only if you want the agent to run an opinionated Git commit workflow. Before use, ask it to show `git status` and diffs, confirm before rebasing, staging all files, amending, or pushing, and decide whether the mandatory AI attribution footer is acceptable for your repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 95%
Finding
The skill is configured to trigger on very broad phrases such as "commit this" or "save my changes," which can cause it to run in contexts where the user did not intend a full git workflow including staging, rebasing, committing, or pushing. Because the skill can stage all changes and optionally push to a remote, accidental invocation could lead to unintended source control actions, disclosure of sensitive files, or undesired history changes.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The skill hard-codes agent/model identity into every commit footer, which can leak implementation details about the user's tooling or environment into repository history without consent. In public or shared repositories, this creates unnecessary metadata exposure and may violate privacy, policy, or attribution expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
