repo-cli
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a specialized CLI tool named
repoto perform various Git operations such as status monitoring, branch management, and interactive rebasing. - [EXTERNAL_DOWNLOADS]: The
repo updatecommand facilitates the download and installation of tool updates from the author's GitHub repository. - [REMOTE_CODE_EXECUTION]: The installation instructions suggest using
cargo installfrom source or crates.io, which involves compiling and executing code provided in the repository. - [PROMPT_INJECTION]: The skill ingests git diffs and commit messages to be processed by external AI models (Claude, Codex, or Gemini). This creates an indirect prompt injection surface where adversarial content within a git repository could manipulate AI-generated output.
- Ingestion points: Git diffs and commit messages processed during
repo commitandrepo exploreworkflows. - Boundary markers: None identified; instructions do not specify delimiters to isolate untrusted repository content.
- Capability inventory: The tool executes git commands, GitHub CLI operations (
gh), and performs network communication for AI processing and self-updates. - Sanitization: No evidence of sanitization or filtering for adversarial patterns in git history or diffs is provided.
Audit Metadata