git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for git operations (branching, commits, pushes), workspace management via the
but(GitButler) utility, and project validation withbun run check. These commands are standard for the skill's purpose of automating PR workflows. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it automatically processes and applies code changes based on PR comments and external AI reviews without human confirmation.
- Ingestion points: Feedback is fetched through
agent-tools-gh pr threadsandagent-tools-gh pr issue-comments-latestin Phase 2. - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to ignore potentially malicious directions embedded in the comments.
- Capability inventory: The skill has the ability to execute
git commit,git push, and local validation scripts viabun. - Sanitization: Absent; the skill is instructed to 'auto-apply' fixes for various categories of feedback without intermediate validation.
Audit Metadata