cfg
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands for repository synchronization and conflict resolution.
- [DATA_EXFILTRATION]: The skill executes
git pushto upload local file contents to a remote repository, which is an intentional transfer of local data. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when reading and summarizing file contents during
git diffor conflict resolution. Evidence: (1) Ingestion: The agent reads file contents in Step 1 and Step 3 of the workflow defined in SKILL.md; (2) Boundaries: No explicit boundary markers or instructions to ignore embedded content are used; (3) Capability inventory: The agent has access to Bash, Read, Write, and Edit tools; (4) Sanitization: No content validation or sanitization is performed on the data read from files before it is processed by the model.
Audit Metadata