git-sync
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard Git CLI tools (`git fetch`, `git pull`, `git checkout`, `git reset`) to manage local repository state. These actions are directly aligned with the skill's stated purpose.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: The agent reads output from `git branch`, `git status`, and `git log` (SKILL.md).
  - Boundary markers: Absent. There are no delimiters or instructions to ignore commands embedded in the Git history.
  - Capability inventory: The skill has the ability to execute shell commands and modify the local filesystem via `git reset --hard` and `git pull`.
  - Sanitization: No escaping or filtering is applied to the data fetched from the remote repository or the local Git metadata.
  - Risk: An adversary with the ability to push commits or create branches in the repository could include malicious instructions in commit messages that might influence the agent's logic when it parses the logs.
Audit Metadata