git-pushing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability (Category 8). The skill reads external content via git diff to analyze changes. Evidence:
      1. Ingestion point: git diff output in the 'Create Commit Message' step.
      2. Boundary markers: Absent; raw diff content is processed.
      3. Capability inventory: Commands like git push (network access) and git add (file state modification) are available.
      4. Sanitization: Absent; no filtering or escaping of the diff content is performed.
    This allows malicious code comments to influence the agent's behavior.
  • [DATA_EXFILTRATION] (HIGH): The skill uses git push to send data to remote repositories. While a standard feature, it serves as an exfiltration vector if sensitive files are accidentally staged or if the agent is manipulated into pushing to an external, attacker-controlled remote.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses git add . to stage all changes. This is a best-practice violation as it may inadvertently stage sensitive files (credentials, keys, or .env files) not covered by a .gitignore, making them available for the subsequent push.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:52 PM