software-change-management-using-git
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (LOW): The skill instructs the agent to execute multiple git commands, including
git add,git commit,git push, and complex recovery operations likegit rebase. While these are necessary for the stated purpose, automated execution on a local repository requires caution. - [Indirect Prompt Injection] (LOW): The skill processes untrusted data from local file changes and untracked files, creating an attack surface where instructions embedded in code could influence the agent's behavior.
- Ingestion points: File diffs and untracked files via
SKILL.md(Step 1). - Boundary markers: Absent. The agent is not instructed to ignore instructions found within the code changes.
- Capability inventory: Git command execution (
commit,push,pull,rebase) viaSKILL.md(Step 2 and 3). - Sanitization: Absent. No filtering of file content is performed before processing.
- [Data Exposure] (LOW): The logic to "determine if [untracked files] should be added to the commit" relies entirely on the model's judgment. This presents a risk where sensitive files (e.g.,
.env, credentials) might be accidentally committed to a remote repository if the model fails to identify them as sensitive.
Audit Metadata