git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A thorough audit of the 32 files in this skill found no evidence of malicious patterns, such as prompt injection, data exfiltration, or obfuscated code. The skill is purely instructional.
- [COMMAND_EXECUTION]: The skill includes numerous examples of `git`, `gh` (GitHub CLI), and `npm` commands. These are standard tools used for their intended purpose of managing repository workflows and implementing development hooks (e.g., Husky).
- [EXTERNAL_DOWNLOADS]: The skill references several external resources for documentation and tooling, including git-scm.com, conventionalcommits.org, and official GitHub documentation. All referenced domains are well-known technology sites or trusted organizations.
- [PROMPT_INJECTION]: The skill provides guidelines for agents to analyze git history and pull requests (Category 8 surface).
  1. Ingestion points: Untrusted data enters via git commit messages or PR text provided by the user for review.
  2. Boundary markers: The skill defines structured output formats (e.g., `[category] description`) to separate analysis from content.
  3. Capability inventory: The skill suggests command snippets to the user but does not contain internal mechanisms for arbitrary shell execution or network requests.
  4. Sanitization: No explicit input sanitization is defined, but the instructions focus on objective formatting checks (e.g., conventional commit compliance) rather than executing embedded text.