git-spice
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is primarily composed of command-line instructions for `git-spice`, `git`, `glab`, and `gh`. These commands are used for their intended purposes: repository initialization, branch management, and merge request updates.
- [EXTERNAL_DOWNLOADS]: The configuration in `prek.toml` references standard development tools such as `typos` and `lychee` for linting and link checking. These are well-known utilities and pose no security risk.
- [DATA_EXPOSURE]: The skill provides instructions for authenticating with GitLab using `git-spice auth login`, which is a standard procedure for the tool. It does not involve hardcoded secrets or unauthorized exfiltration of sensitive data.
- [INDIRECT_PROMPT_INJECTION]: The skill involves the agent generating merge request descriptions and commit messages. While this creates a surface for indirect prompt injection if the agent processes untrusted external data (like a PR body) without sanitization, the skill itself provides structured templates that help mitigate accidental misinterpretation.
Audit Metadata