git-workflow-expert
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external repositories.
  - Ingestion points: The skill uses git log, git diff, and git show to read commit history and file content, and it processes commit messages via Git hooks in SKILL.md.
  - Boundary markers: There are no instructions or delimiters to prevent the agent from following instructions embedded within the commit messages or repository files.
  - Capability inventory: The skill has the ability to execute terminal commands and modify files via the Bash, Write, and Edit tools.
  - Sanitization: No sanitization is performed on repository data before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill fetches code and configuration from external sources using git clone, git subtree, and npx, targeting well-known services like GitHub and the NPM registry.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Git commands and run development scripts such as npm test and npx lint-staged, which are essential for its functionality as a Git workflow expert.
Audit Metadata