Skills
skills/ai-native-camp/git-for-everyone/git-onboarding-auto/Gen Agent Trust Hub

git-onboarding-auto

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes extensive bash commands to collect system state and perform Git operations, including modifying global configurations and managing repository remotes.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the Homebrew package manager and the GitHub CLI (gh) from their official repositories to fulfill environment prerequisites.
  • [REMOTE_CODE_EXECUTION]: Downloads and executes the official Homebrew installation script using a shell pipe (curl | bash). While this originates from a well-known service, it constitutes remote code execution at runtime.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection (Category 8).
  • Ingestion points: The agent ingests and summarizes output from local repository commands such as git status, git remote get-url, and git log @{u}.. in Phase 1.
  • Boundary markers: There are no delimiters or instructions provided to the agent to ignore potentially malicious content embedded in the repository's metadata or commit history.
  • Capability inventory: The agent possesses the ability to execute arbitrary bash commands, write files, and interact with network APIs via the GitHub CLI.
  • Sanitization: No sanitization or filtering is performed on the data retrieved from the local repository environment before it is passed to the agent for processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 01:07 PM