but
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command that fetches a shell script from 'https://gitbutler.com/install.sh' and pipes it directly into the system shell. This is the official installation method for the GitButler CLI tool.
- [COMMAND_EXECUTION]: The skill functions by executing shell commands using the 'but' and 'git' command-line utilities to manage branches, commits, and remotes.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it reads and processes external repository data, such as commit messages and diffs, which could contain malicious instructions.
  - Ingestion points: 'but status --json', 'but show', and 'but diff' commands.
  - Boundary markers: The skill requires the use of the '--json' flag for structured output parsing.
  - Capability inventory: Shell command execution via 'but' and 'git' binaries; network operations for pulling, pushing, and PR creation.
  - Sanitization: No evidence of sanitization for the textual content of commits or file changes before injection into the agent context.
Recommendations
- HIGH: Downloads and executes remote code from: https://gitbutler.com/install.sh - DO NOT USE without thorough review
Audit Metadata