git-ops
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various git and gh commands via the bash tool. It manages high-risk operations like branch deletion and force pushes through a 'Tier 3' safety protocol that requires preflight reports and user confirmation.
- [REMOTE_CODE_EXECUTION]: The advanced git reference guide describes the use of git bisect run to execute scripts. If an attacker can influence the script being tested, this leads to arbitrary command execution within the environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by gathering context from untrusted sources. * Ingestion points: Conversation history, commit messages, and PR metadata (SKILL.md). * Boundary markers: Prompt templates for sub-agents lack explicit delimiters or instructions to ignore embedded commands. * Capability inventory: Access to bash, filesystem operations, and GitHub CLI. * Sanitization: No evidence of sanitization or escaping of external content before interpolation.
- [COMMAND_EXECUTION]: Documentation includes the ability to change the git sequence editor, which can be configured to run arbitrary executables during interactive rebases, potentially leading to unauthorized command execution.
Audit Metadata