ghpm-suggest
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several bash commands to gather repository state, including 'git remote', 'git branch', 'git log', 'git diff', and 'gh api'. These commands are used to provide the agent with session context and project status.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests untrusted data from the environment that could contain hidden instructions.
  - Ingestion points: Data is ingested through 'git log --oneline' and 'git diff --stat', which retrieve commit history and changes from the repository.
  - Boundary markers: The instructions do not specify any delimiters or warnings telling the agent to disregard potential instructions embedded within the git logs or diffs.
  - Capability inventory: The skill is allowed to use Bash (restricted to git and gh), Read, Grep, and Glob tools.
  - Sanitization: There is no evidence of sanitization or filtering applied to the output of the git commands before the data is processed by the agent.