Skills
skills/lev-os/agents/gitsync/Gen Agent Trust Hub

gitsync

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/gitsync.sh uses the eval command on the code variable within the resolve_code function. This allows for arbitrary shell command execution if a project code or path includes shell metacharacters such as backticks or $(...), which could lead to unauthorized system control.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface in SKILL.md by instructing the agent to analyze git status and git diff outputs for conflict resolution. Malicious instructions embedded in a repository's file content or filenames could manipulate the agent's subsequent actions.
  • Ingestion points: Raw output from git status and git diff commands processed by the agent in File: SKILL.md.
  • Boundary markers: None. The instructions do not provide delimiters or "ignore" markers for the untrusted git output.
  • Capability inventory: The agent can execute shell commands, perform file system operations, and push changes to remote repositories (referenced in File: scripts/gitsync.sh).
  • Sanitization: No sanitization or validation logic is present to filter malicious instructions from the repository data before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 7, 2026, 09:34 AM