Skills
skills/arabelatso/skills-4-se/git-bisect-assistant/Gen Agent Trust Hub

git-bisect-assistant

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/git_bisect_runner.py executes arbitrary shell commands provided by the user via the --test parameter. This is implemented in the test_commit function using subprocess.run(["bash", "-c", test_cmd]). While this is the intended primary purpose of the skill, it creates a high-privilege execution environment where any command the agent has permissions for can be run on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes and executes commands that may originate from untrusted external sources.
  • Ingestion points: The --test, --repo, --good, and --bad arguments in scripts/git_bisect_runner.py act as entry points for data that could be influenced by an attacker.
  • Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands within the test string.
  • Capability inventory: The script has the capability to execute any shell command via bash -c and perform file system operations through git commands.
  • Sanitization: No sanitization or validation is performed on the test_cmd string before it is passed to the shell for execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 10:20 PM