graphite
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on tool usage and do not contain attempts to override system prompts or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, credentials, or access to sensitive local file paths were identified.
- [Remote Code Execution] (SAFE): The skill does not perform any remote script downloads or piped command executions.
- [Command Execution] (SAFE): Command usage is restricted to the Graphite (
gt) CLI and standard git operations necessary for the skill's stated purpose. - [Indirect Prompt Injection] (SAFE): While the skill processes user-controlled data such as branch names and commit messages, this is inherent to its primary function as a git management tool and does not present an elevated risk in this context.
Audit Metadata