Skills
skills/bwl21/bwl-flyer-generator/git-conventions/Gen Agent Trust Hub

git-conventions

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Command Execution] (HIGH): The skill utilizes git commit, git push, and gh pr create (SKILL.md), granting the agent the power to modify the codebase and interact with external remote repositories.
  • [Indirect Prompt Injection] (HIGH): This skill exhibits a significant attack surface for indirect prompt injection (Category 8).
  • Ingestion points: The agent is instructed to run git diff and git log (SKILL.md), which brings external, untrusted content from the repository into the agent's context.
  • Boundary markers: The 'Important Rules' section provides a policy-based constraint ('Never commit or push unless explicitly asked'), but this is a soft boundary that can be overridden by instructions embedded in the ingested data.
  • Capability inventory: The agent has write access to the filesystem via git commit and network access via git push and gh pr create.
  • Sanitization: No technical sanitization, filtering, or validation is performed on the data ingested from the repository before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:18 AM