safe-git-ops

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts such as scripts/validate_skills.py and scripts/prepare_sidecar_task.py along with a wide range of Git commands via the Bash tool. These are intended for repository validation and state management.
  • [EXTERNAL_DOWNLOADS]: The skill contains instructions to install additional packages using npx skills add a-green-hand-jack/ml-research-skills. This represents an external download and installation of code from the author's repository.
  • [PROMPT_INJECTION]: The skill processes output from Git commands (status, log, diff) which could potentially contain malicious instructions if the agent is operating within an untrusted repository (Indirect Prompt Injection).
  • Ingestion points: Data entering the agent via git status --short, git log, git diff, and git worktree list (referenced in SKILL.md and worktrees.md).
  • Boundary markers: Absent; the agent is instructed to interpret command output directly to categorize failures.
  • Capability inventory: Shell access (Bash), file writing (Write/Edit), and network Git operations (fetch/pull/push).
  • Sanitization: No explicit sanitization or filtering of Git command output is defined.
  • [SAFE]: The static detector's finding regarding concealment is a false positive; the skill instructions explicitly prioritize transparency by requiring the agent to explain environment and sandbox restrictions to the user rather than providing vague diagnoses.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 02:06 PM