multi-repo-git-ops

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it extracts values from repository files and interpolates them into shell command strings.
  • Ingestion points: Reads submodule paths, branches, and story keys from .gitmodules, sprint-status.yaml, and Markdown files in _bmad-output/implementation-artifacts/.
  • Boundary markers: Absent. No delimiters or instructions tell the agent to treat the contents of these files as data rather than as instructions, so commands embedded in them are not set apart from the skill's own directions.
  • Capability inventory: Executes various git and npm commands which can modify the file system or communicate with remote servers.
  • Sanitization: Absent. Extracted strings are used directly in bash variables (e.g., BRANCH_NAME="feat/${STORY_KEY}") and in the commands that follow. Nothing restricts a key to a safe character set, so a value carrying shell metacharacters, whitespace, a newline or a leading dash reaches git unchanged.
  • [COMMAND_EXECUTION]: The skill uses local command execution as its primary method of operation.
  • Evidence: Utilizes git config, git checkout, git push, and git submodule foreach to perform cross-repository operations as described in SKILL.md.
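As an added illustration (not code from the audited skill or from Gen Agent Trust Hub), the POSIX shell script below contrasts the unsanitized interpolation the findings describe with a fail-closed allow-list check placed in front of it. The story-key shape (PROJECT-123), the sample values and the function names are assumptions made for this example; the audited SKILL.md does not specify them.

```shell
#!/bin/sh
# Added example, not code from the audited skill or from Gen Agent Trust Hub.
# Shows the failure mode the finding describes (a value read from a repository
# file spliced into a shell command string) beside an allow-list check that
# rejects anything but a plain story key before it reaches git.
# Assumptions: story keys look like "ABC-123"; sample values are constructed.

LC_ALL=C
export LC_ALL

# Unsafe pattern: the extracted key is spliced into a command STRING that a
# second shell re-parses, so metacharacters in the key become commands.
# Quoting "$key" at the call site does not help; the inner shell sees the
# assembled string. Output is printed as-is for inspection.
render_branch_unsafe() {
    key="$1"
    sh -c "echo feat/$key" 2>/dev/null
}

# Allow-list check for a story key: non-empty, no leading dash (git would
# parse it as an option), only [A-Za-z0-9_-], and exactly one dash between
# the project code and the number. Any other byte, including newline, space
# or ';', fails closed. Returns 0 when safe, 1 otherwise.
is_safe_story_key() {
    key="$1"
    case "$key" in
        ""|-*|*-)         return 1 ;;   # empty, option-like, or trailing dash
        *[!A-Za-z0-9_-]*) return 1 ;;   # any character outside the allow-list
        *-*-*)            return 1 ;;   # more than one dash
        *-*)              return 0 ;;   # PROJECT-123 shape
        *)                return 1 ;;   # no dash at all
    esac
}

# Safe construction: validate first, then use the value only as a quoted
# argument to printf (and later to git), never inside a string that a shell
# re-parses. Prints the branch name on success, nothing on failure.
branch_for_story() {
    key="$1"
    is_safe_story_key "$key" || return 1
    printf 'feat/%s\n' "$key"
}

# Constructed sample values: a legitimate key and one that a tampered
# sprint-status.yaml could carry.
GOOD_KEY='ABC-123'
EVIL_KEY='ABC-123; echo INJECTED'

render_branch_unsafe "$EVIL_KEY"   # second line "INJECTED" shows the injection
branch_for_story "$GOOD_KEY"       # feat/ABC-123
branch_for_story "$EVIL_KEY"       # prints nothing, exits 1
```

Once a key passes the allow-list, pass it to git as a separate quoted argument (`git checkout -b "$BRANCH_NAME"`) rather than through `bash -c` or `eval`, and let `git check-ref-format --branch "$BRANCH_NAME"` confirm it is a legal branch name before `git push`.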
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 02:46 AM