git-advanced-workflows
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): Use of
git bisect runallows for automatic execution of arbitrary commands or scripts present in a repository. - Evidence: The skill provides examples such as
git bisect run ./test.shandgit bisect run npm testin the 'Automated Bisect' and 'Workflow 3' sections ofSKILL.md. - Risk: An attacker-controlled repository could include a malicious
test.shor a backdooredpackage.json(triggering vianpm test) that executes code when the agent attempts to troubleshoot or find a bug. - [COMMAND_EXECUTION] (LOW): The skill relies heavily on executing a variety of Git commands that modify the filesystem and interact with remote servers.
- Evidence: Frequent use of
git rebase,git push --force-with-lease, andgit worktreethroughout the document. - Risk: While standard for Git, these commands provide a broad capability surface for an agent that might be manipulated into destructive actions if boundary markers for repository content are not strictly enforced.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill is designed to process external, potentially untrusted repository data through code execution paths.
- Ingestion points: Git repository history and files accessed during
bisectorrebaseoperations. - Boundary markers: None specified in the instructions to separate agent logic from untrusted repository scripts.
- Capability inventory:
subprocessexecution viagit bisect run, and file modification viagit rebase/reset. - Sanitization: No validation of the safety of the
test.shornpmscripts before execution.
Audit Metadata