skills/fradser/dotclaude/config-git/Gen Agent Trust Hub

config-git

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from the project's commit history to analyze patterns and propose scopes. This creates an indirect prompt injection surface where a specially crafted commit message could attempt to influence the agent's logic during Phase 2 or 3.
      • Ingestion points: git log --format="%s" -n 50 output in Phase 2.
      • Boundary markers: The prompt instructions do not provide delimiters or instructions to ignore embedded commands within the log data.
      • Capability inventory: Bash, Write, Read, Glob.
      • Sanitization: No sanitization or validation of the commit message content is performed before analysis.
  • [COMMAND_EXECUTION]: The skill uses shell commands to inspect the local environment and modify Git configuration. It executes git config to set user identity and ls/find to determine project structure. These operations are limited to the project directory and standard Git settings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 04:49 AM