git-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exhibits a high-severity vulnerability to indirect prompt injection because it processes untrusted external content and has significant side-effect capabilities.\n
- Ingestion points: Data enters the context through file contents via 'git add' and PR/MR descriptions provided to 'gh pr create'.\n
- Boundary markers: Uses Bash heredocs (EOF) for command interpolation, which do not provide a secure boundary against adversarial instructions embedded in data.\n
- Capability inventory: Extensive 'write' and 'execute' capabilities including 'git commit', 'git push', and arbitrary 'Bash' execution.\n
- Sanitization: No sanitization, escaping, or validation of ingested content is performed.\n- [COMMAND_EXECUTION] (MEDIUM): The skill relies on the Bash tool for all operations. This allows for arbitrary shell command execution, which significantly amplifies the risk and impact of any successful prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata