squash-commits
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script `{{SKILL_DIR}}/scripts/squash.sh` to perform various Git operations, including repository checks, branch detection, and soft-resetting the branch history. These operations are conducted within the local repository context.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection exists because the skill ingests data from existing Git commit messages to synthesize a new consolidated message.
  - Ingestion points: Data is collected from `git log` output via a helper script, as seen in the Step 1 and Step 2 workflows in `SKILL.md`.
  - Boundary markers: The script uses clear headers (e.g., `=== COMMIT MESSAGES ===`, `=== TRAILERS ===`) to delimit data sections, which helps distinguish untrusted content from the script's own output.
  - Capability inventory: The skill has the capability to execute shell scripts and perform Git writes (`git commit`, `git reset`, `git update-ref`) in the local repository.
  - Sanitization: The agent is instructed to synthesize the final message based on the input, which serves as a natural language interpretation step, though no programmatic sanitization is applied to the untrusted commit content.
- [EXTERNAL_DOWNLOADS]: The `README.md` provides an installation command `npx skills add bkowshik/git-skills` which fetches the skill from the author's repository.
Audit Metadata