git-workspace-review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard development commands including make format, make lint, and pytest. These commands run scripts defined within the local repository environment.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes output from git operations without proper data isolation.\n
- Ingestion points: The skill ingests untrusted data from the outputs of git status -sb and git diff as defined in SKILL.md and modules/git-commands.md.\n
- Boundary markers: The instructions lack explicit delimiters or specific directives to the agent to ignore any natural language instructions found within the repository diffs or status reports.\n
- Capability inventory: The skill utilizes the Bash tool, which provides the agent with the ability to execute arbitrary commands on the system.\n
- Sanitization: There is no evidence of sanitization, escaping, or schema validation performed on the git command output before it is interpreted by the agent.
Audit Metadata