Skills
skills/jmerta/codex-skills/rebase-assistant/Gen Agent Trust Hub

rebase-assistant

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill invokes multiple shell commands including git rebase, git fetch, git add, and git checkout. These commands modify the local repository state and synchronize with remote servers. While safety rules are present to prevent git reset --hard, the agent still maintains high-privilege write access to the workspace.
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) due to the combination of untrusted data ingestion and file-system write capabilities.
  • Ingestion points: Git branch names retrieved from git remote show origin, status output from git status, and critically, file contents processed during conflict triage (git diff, git show :1/2/3).
  • Boundary markers: No delimiters or explicit instructions are provided to the agent to treat repo-provided strings as data rather than instructions.
  • Capability inventory: The skill can execute file modifications (git add, git checkout --ours/--theirs) and proceed with rebases, which can be manipulated by malicious content in the files being resolved.
  • Sanitization: There is no evidence of sanitization or filtering of branch names or file content before they are interpreted by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:20 AM