git-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash to execute numerous git commands (git pull, git log, git diff, git branch, git status) and system utilities (find, awk) to analyze repository history and local notes. It also attempts to execute Google Chrome via a hardcoded path for PDF generation.
- [EXTERNAL_DOWNLOADS]: It performs network operations through git pull to fetch data from remote repositories and uses npx to retrieve the md-to-pdf package from the npm registry.
- [REMOTE_CODE_EXECUTION]: It invokes npx -y md-to-pdf, which downloads and executes a remote package at runtime to perform document conversion.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and summarizes content from git commit messages and local markdown files that are not fully under the agent's control.
- Ingestion points: Commit messages retrieved via git log and daily records extracted from notes/daily_notes/ (SKILL.md).
- Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from following commands that might be embedded in commit messages or notes.
- Capability inventory: The skill has the capability to execute arbitrary bash commands, access the file system, and perform network requests.
- Sanitization: No explicit sanitization or filtering is applied to the retrieved commit data or notes before they are processed for the final report.
Audit Metadata