Git Commit Formatter

Security checks across malware telemetry and agentic risk

Overview

This commit-message helper mostly does what it says, but it also includes unrelated instructions for a system whitelist that can auto-add skills without asking.

Review or remove the whitelist section before installing. Use this skill only for commit-message generation, and avoid pasting secrets, tokens, private keys, or sensitive proprietary code in raw diffs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The skill manifest presents a narrow purpose—formatting commit messages—but the body adds unrelated operational behavior for reading and influencing a system whitelist used for auto-adding skills. This is dangerous because it expands the skill's authority beyond user-visible expectations and creates a path for privilege creep or unauthorized propagation of skills through gateway automation.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The instructions explicitly describe reading and updating `/data/workspace/whitelist.yml`, a system control file unrelated to commit formatting. Embedding access to an allowlist in a benign-seeming formatter skill is especially dangerous because it could let the skill self-authorize or authorize other skills for automatic installation, undermining trust boundaries and enabling persistence or lateral capability expansion.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal