sync-cli-skill
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute several shell commands, including
git diff,git ls-files, andgit describe, using a path provided by the user. If the input path is not properly validated or sanitized by the underlying platform, it could facilitate command injection or allow the agent to interact with sensitive system directories outside the intended scope.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes external source code and interpolates parts of that code (such as command descriptions) into its own reference files (references/*.md) and main instructions (SKILL.md). - Ingestion points: Files within the user-provided CLI source repository (Step 5c).
- Boundary markers: None. The skill does not implement delimiters or 'ignore' instructions to separate extracted source content from agent instructions.
- Capability inventory: The skill has the ability to read and write files and execute git shell commands.
- Sanitization: The skill parses source code for structure but lacks safety filters to detect or neutralize natural language instructions hidden within the source code.
Audit Metadata