configure-git-webserver
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No security issues were identified. The skill contains legitimate administrative guidance for setting up repositories and web deployment automation.
- INDIRECT_PROMPT_INJECTION (LOW): The setup describes a system that ingests external data (via Git push) and triggers execution of a post-receive script. This is the intended functionality of the deployment system.
- Ingestion points: Untrusted data enters the system via
git pushinto the bare repository. - Boundary markers: None identified in the provided templates.
- Capability inventory: The
post-receivehook is a shell script with execution capabilities; the example usesgit checkout. The skill also suggests running web servers such aspython3 -m http.server. - Sanitization: The hook script includes basic logic to parse and validate branch names (
mainormaster) before action.
Audit Metadata