sc-git
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses Bash to execute Git commands (
add,commit,push, etc.). This creates a direct risk of command injection if arguments derived from the repository (such as filenames or branch names) are not properly escaped before being passed to the shell. - [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Reads repository analysis, Git state, and context (SKILL.md).
- Boundary markers: None specified in the instructions.
- Capability inventory: Bash command execution, file reading (Read), and file writing (TodoWrite).
- Sanitization: No evidence of input validation or sanitization for repository-derived data. Malicious commit messages or file names in a repo could manipulate the agent's logic during 'intelligent' analysis.
- [DATA_EXFILTRATION] (MEDIUM): The 'push' operation facilitates outbound network communication. If an attacker can manipulate the repository context to add a malicious remote, the agent could be coerced into exfiltrating the entire codebase to an external server.
Recommendations
- AI detected serious security threats
Audit Metadata