git
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation in SKILL.md defines numerous Git and GitHub CLI commands for repository management. This includes powerful and potentially destructive operations such as 'git reset --hard', 'git clean -fd', and 'git push --force'. These commands are properly documented with safety warnings and listed under constraints to prevent accidental misuse.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its core functionality. 1. Ingestion points: The agent reads untrusted data from the environment via commands like 'git log', 'gh pr view', and 'gh issue view' in SKILL.md. 2. Boundary markers: The instructions lack explicit delimiters or instructions for the agent to ignore potentially malicious instructions embedded in commit messages or issue bodies. 3. Capability inventory: The skill possesses write capabilities including 'git commit', 'git push', and 'gh pr merge'. 4. Sanitization: No sanitization or validation of external text from the repository history or GitHub metadata is specified.
Audit Metadata