lesson-learned
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell-based git commands (
git log,git diff,git show) to gather data about code changes. These commands are executed within the local environment to provide the primary functionality of the skill. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted input from the repository's git history. It specifically instructs the agent to read commit messages for 'intent,' which could allow a malicious actor to influence the AI's behavior through crafted commit messages or code comments.
- Ingestion points: Git history (log/diff) content and commit messages accessed during Phase 2.
- Boundary markers: None. There are no instructions to ignore or treat embedded code/comments as untrusted data.
- Capability inventory: Execution of git commands and read access to the local filesystem.
- Sanitization: None. The skill reads raw output from git commands and processes it directly into the analysis phase.
Audit Metadata