Skills
skills/bitwarden/ai-plugins/analyzing-git-sessions/Gen Agent Trust Hub

analyzing-git-sessions

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill processes untrusted external data that can contain malicious instructions.
  • Ingestion points: Repository data is ingested via git log and git diff in SKILL.md.
  • Boundary markers: Absent. The skill does not wrap commit messages or code diffs in delimiters in its output to the agent.
  • Capability inventory: The skill uses git subprocess calls and the resulting data influences agent reasoning for code reviews and PR descriptions.
  • Sanitization: Absent. The skill provides no mechanism to filter or escape instructional content within commit messages.
  • COMMAND_EXECUTION (MEDIUM): Use of shell variables in git command templates without sanitization.
  • Evidence: SKILL.md includes logic that interpolates variables like <range>, <start>, <end>, and $module directly into shell command strings (e.g., git diff <start>..<end> -- $module/). If these variables are derived from malicious repository metadata (e.g., a branch name containing shell metacharacters), they could lead to command injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 09:51 AM