git-create-mr
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs automated Git operations including branch creation, pushing to remote repositories, and pruning fetched data. These operations are essential for its stated goal of managing Merge Requests.
- [COMMAND_EXECUTION]: It requests 'required_permissions: ["all"]' specifically to access Git credentials stored in the environment, which is necessary for the push commands to succeed.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from the local repository's history and diffs.
- Ingestion points: Untrusted data enters the context via 'git log --oneline' and 'git diff --stat' outputs from the current repository.
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded within commit messages when constructing the final 'git push' command strings.
- Capability inventory: Across 'SKILL.md', the agent is authorized to execute subprocesses ('git push') that accept parameters ('-o merge_request.title/description') derived from the ingested data.
- Sanitization: No formal sanitization or escaping is performed; the skill relies on the agent to create a 'brief summary' or 'single-line description', which may not effectively neutralize adversarial content in commit messages.
Audit Metadata