gitwhy-context-saving

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the git-why CLI tool to perform its primary functions, including saving, searching, and retrieving context data. This is standard behavior for a CLI-integrated tool.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with app.gitwhy.dev and api.gitwhy.dev for cloud-based features such as synchronizing private contexts and sharing them with team members. These domains are owned by the skill's author.
  • [CREDENTIALS_UNSAFE]: The documentation references storing an API key in ~/.gitwhy/credentials. This is a standard practice for local CLI credential management and does not involve hardcoded secrets within the skill itself.
  • [INDIRECT_PROMPT_INJECTION]:
      ◦ Ingestion points: The gitwhy_get tool and git why get command read stored context files from the .git/gitwhy/contexts/ directory.
      ◦ Boundary markers: The skill uses XML-like tags (<context>, <story>, etc.) for structured input, which provides some separation between metadata and content.
      ◦ Capability inventory: The skill has the ability to execute CLI commands, write to the local filesystem, and perform network requests to push data to remote servers or post comments to GitHub PRs.
      ◦ Sanitization: There is no explicit mention of sanitizing or escaping the content of retrieved contexts before they are presented to the agent. Because the data is stored within the local git repository, the risk is limited to users who already have commit access to the project.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 06:58 PM