git-repo-standards

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
[PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface within its 'Review' mode. When performing a repository audit, the agent parses documentation files such as README.md, LICENSE, and CHANGELOG.md to verify compliance.
      • Ingestion points: Repository files read in 'Review' and 'Audit' modes (SKILL.md).
      • Boundary markers: Absent. The skill does not instruct the agent to treat these external files as untrusted data or use delimiters to isolate their content.
      • Capability inventory: The skill has the capability to scaffold directory structures, write CI/CD workflows, and configure git hooks.
      • Sanitization: Absent. External content is not sanitized or escaped before processing.
  • [EXTERNAL_DOWNLOADS]: The skill references fetching license templates from well-known technology domains (apache.org and gnu.org). This is a standard and expected behavior for its licensing enforcement functionality and involves trusted sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 06:40 PM