git-journal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (SAFE): Trigger phrases and instructions are designed for assistive documentation and do not contain patterns to bypass safety filters or override system instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill only reads local git configuration (user.name) and repository status. It does not perform network operations or access sensitive files like credentials or SSH keys.
- [Command Execution] (SAFE): Local commands are executed via
subprocess.runusing hardcoded git subcommands. Arguments are not derived from untrusted external input in a way that allows shell injection. - [Indirect Prompt Injection] (LOW): The skill processes environmental data that could be influenced by an attacker and injects it into the agent's context.
- Ingestion points: Git branch names in
ensure_git_journal.pyandupdate_git_journal.py. - Boundary markers: Absent; branch names are inserted directly into markdown files under standard headers.
- Capability inventory: File system write access, local git command execution.
- Sanitization: Branch names are normalized for filesystem-safe filenames, but the raw branch name is injected into the markdown content without validation or escaping.
Audit Metadata