cco-git
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted metadata from the local git environment which represents a surface for indirect prompt injection.
- Ingestion points: Data is ingested via the output of git-context.js as described in SKILL.md.
- Boundary markers: No delimiters or ignore instructions are present to distinguish git-sourced data from agent instructions.
- Capability inventory: The skill is permitted to use the Bash, Read, and Glob tools.
- Sanitization: There is no evidence of sanitization or validation of the ingested git metadata.
Audit Metadata