testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script executes Git commands using the simple-git library. This is the intended purpose of the tool and is implemented safely using process spawning rather than a shell, which prevents shell injection.
- [DATA_EXPOSURE] (SAFE): The script reads local Git metadata and file paths to generate a report. No sensitive credentials or private keys are accessed, and data is not transmitted externally.
- [PROMPT_INJECTION] (SAFE): Evaluation of indirect injection surface.
  1. Ingestion points: File paths from git status in scripts/start-position.ts.
  2. Boundary markers: Absent in Markdown output.
  3. Capability inventory: Local Git operations (stash, apply) and console logging.
  4. Sanitization: Absent.

  The surface is considered SAFE as the script's actions are restricted to local Git management.
Audit Metadata