git-flow-manager
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of standard Git CLI commands such as git worktree, git stash, git push, git rebase, and git merge. These operations are strictly limited to repository and workspace management as described in the skill's purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it reads external data from git log and git diff.
  - Ingestion points: Reads Git history and code changes via git log, git show, and git diff.
  - Boundary markers: None present in the instructions to distinguish between commit metadata and potential instructions.
  - Capability inventory: Execution of Git commands and filesystem manipulation via the worktree command.
  - Sanitization: No specific sanitization or filtering of commit messages or diff content is defined. Despite this surface, the risk is categorized as SAFE given the standard nature of the tools used.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with the filesystem, including creating directories in the parent folder (e.g., ../momei-dev) via Git worktrees. This behavior is documented as a project convention for environment isolation and does not appear to involve exfiltration of sensitive data.
Audit Metadata