Back to skill

Security audit

Gitai - Git Commit Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Git automation helper, but it can commit and push code and use external AI providers without enough built-in guardrails or privacy disclosure.

Install only if you want an agent to invoke a local Git automation CLI in your repositories. Review the diff and generated commit message before allowing any commit, use push only after explicitly confirming the branch and remote, and avoid sensitive repositories unless your configured AI provider is approved for that code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest description emphasizes commit-message generation, but the documented behavior includes staging, committing, and optionally pushing changes to a remote. This mismatch can mislead users or agents about the true scope of side effects, increasing the chance of unintended repository modification or data exfiltration through a push.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises multi-LLM support and instructs users to configure external AI providers, but it does not clearly warn that staged code or diffs will be transmitted to third-party services for analysis. This can cause users to expose proprietary code, secrets, or regulated data without informed consent, especially in enterprise or sensitive repositories.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description does not prominently warn that the workflow can automatically commit and push repository changes. In an automation context, omission of these side effects is dangerous because users may invoke the skill expecting analysis only, while it can perform irreversible or externally visible repository actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes generic phrases such as "generate commit," "git message," and "conventional commits," which can match many ordinary Git-related requests beyond the skill's narrow purpose. Overly broad activation can cause the skill to be invoked unexpectedly, increasing the chance that it influences workflows or handles repository context when the user did not specifically intend to use this automation skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.