rebase
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill instructs the agent to execute local scripts via `node` (e.g., `.github/skills/rebase/scripts/align-pre-initial-versions.cjs` and `generate-rebase-report.cjs`). Running scripts from the repository filesystem is a medium risk as it assumes the repository contents are safe and haven't been tampered with.
- [Indirect Prompt Injection] (LOW): The skill contains a workflow where the AI agent reads and summarizes a generated report (`.tmp/skills/rebase/...-rebase-report.md`). This report contains data derived from the repository such as commit messages and dependency names. An attacker could potentially embed instructions in these fields to influence the agent's summary or risk assessment.
  - Ingestion points: `.tmp/skills/rebase/<timestamp>-rebase-report.md` (read by the agent in Step 10).
  - Boundary markers: Absent; the agent is simply instructed to read the report.
  - Capability inventory: File system read/write, `git push --force`, and `node` script execution.
  - Sanitization: None specified; the agent processes the raw output of the report generation script.