Skills
skills/athola/claude-night-market/git-workspace-review/Gen Agent Trust Hub

git-workspace-review

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes make format, make lint, and pytest for code quality and workflow validation, which relies on the contents of the local Makefile and test suite. It also utilizes platform-specific PreToolUse and Stop hooks to log git activity to a local audit file at ${CLAUDE_CODE_TMPDIR:-/tmp}/skill-audit.log.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing data from git operations which can contain untrusted, attacker-controlled content from file modifications or commit messages.
  • Ingestion points: git status, git diff, git log, and git show (referenced in SKILL.md and modules/git-commands.md).
  • Boundary markers: No explicit delimiters or instruction-bypass warnings are used when processing this data.
  • Capability inventory: Executes shell commands via the Bash tool and lifecycle hooks.
  • Sanitization: No validation or escaping is applied to the git command outputs before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 11:26 PM