git-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides a framework for the agent to ingest and summarize git data, which represents an attack surface for indirect prompt injection.
  - Ingestion points: The agent reads untrusted content via `git log`, `git diff`, and `git blame` (File: SKILL.md).
  - Boundary markers: The skill lacks explicit instructions or delimiters to help the agent distinguish between its own system instructions and data found within git commits or code comments.
  - Capability inventory: The agent has the capability to execute shell commands (`git`) and interact with the GitHub CLI (`gh`), which could be abused if the agent is manipulated by injected text.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the git repository before it is processed by the LLM.
Audit Metadata