gitbutler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface identified in the Claude Code integration hooks documentation.
  - Ingestion points: The 'but claude stop' hook processes workspace state and context (untrusted repository data) to generate commit messages (references/hooks.md).
  - Boundary markers: The suggested configuration does not include explicit boundary markers or instructions to ignore instructions embedded in the code being committed.
  - Capability inventory: The integration enables automated git commits ('but commit') based on AI-generated content.
  - Sanitization: No sanitization or validation of the ingested context is specified in the configuration guide.
- SAFE: The CLI commands provided in references/cheatsheet.md and references/tutorial.md are standard, non-malicious usage examples for the GitButler tool.
- EXTERNAL_DOWNLOADS (SAFE): External URLs in the documentation point to official resources (gitbutler.com, anthropic.com) and do not involve remote code execution.
Audit Metadata