git-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses role-playing instructions to define sub-agent behaviors (e.g., 'You are a SECURITY REVIEWER') and exhibits an indirect prompt injection surface by ingesting untrusted pull request data for analysis.
- Ingestion points: Pull request metadata and file changes analyzed during Phase 2.
- Boundary markers: Absent from sub-agent prompt templates in SKILL.md.
- Capability inventory: Includes git command execution, sub-agent spawning via the Task tool, and interaction with contextd MCP tools.
- Sanitization: Mentions automated secret scrubbing within the branch_return functionality.
- [COMMAND_EXECUTION]: The skill performs extensive git operations and utilizes the Task tool to spawn background sub-processes for parallel review tasks.
Audit Metadata