git-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, NO_CODE)
Full Analysis
- Prompt Injection (HIGH): Indirect Prompt Injection Surface.
  - Ingestion Points: The skill processes untrusted external content, specifically issue descriptions and user input, which are interpolated into templates via placeholders like {{ISSUE_NUMBER}} and {{NEW_FILE_OR_FEATURE}} in references/pull-request.template.md.
  - Boundary Markers: None. The templates do not utilize delimiters (e.g., XML tags or unique markers) or provide explicit "ignore embedded instructions" warnings to the agent for the interpolated data.
  - Capability Inventory: According to SKILL.md, the skill is intended to "Create well-structured pull requests", "Manage merge strategies", and handle "branch management". These are high-privilege write operations on a code repository.
  - Sanitization: There is no evidence of sanitization, validation, or escaping logic for the content injected into the placeholders.
- No Code (INFO): The skill consists entirely of Markdown documentation and templates. No executable scripts (.py, .js, .sh), binaries, or configuration files that could trigger automated execution were found.
- Metadata (LOW): There is a minor case-sensitivity discrepancy between the reference in SKILL.md (references/PULL_REQUEST.template.md) and the actual file path (references/pull-request.template.md).
Recommendations
- AI detected serious security threats
Audit Metadata