git-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill's workflow exposes the agent to indirect prompt injection by processing external, untrusted content from Git repositories and GitHub.
- Ingestion points: External data enters the context through
gh pr view,gh issue list,git diff, and manual file inspection during conflict resolution (e.g.,cat file.txt). - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to disregard instructions embedded in the external content.
- Capability inventory: The skill utilizes the Bash tool for command execution, including
git bisect run(inreferences/advanced-git.md), which can execute arbitrary scripts within a repository. - Sanitization: Absent. No mechanism for filtering or validating external content is mentioned before it is processed by the agent.
- [COMMAND_EXECUTION] (SAFE): The skill leverages standard developer tools (Git, GitHub CLI, Delta) for legitimate repository management. No malicious command injection or persistence mechanisms were identified.
Audit Metadata