sync_to_github
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The tool in 'tools/git_sync.py' executes 'git add .' using the 'subprocess.run' function.
- Evidence: The 'stage_all_changes' function explicitly runs ['add', '.'] which stages every change and untracked file in the directory.
- [DATA_EXFILTRATION]: The skill includes a '--push' option that executes 'git push' to a remote server.
- Evidence: The 'push_to_remote' function executes the 'push' command. When combined with the 'git add .' behavior, this creates a mechanism where sensitive files accidentally staged can be immediately exfiltrated.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
- Ingestion points: File names, statuses, and diffs are read from the local git repository in 'tools/git_sync.py'.
- Boundary markers: None are present to delimit untrusted file data from instructions.
- Capability inventory: The skill has the ability to execute git commands (add, commit, push) via subprocess calls in 'tools/git_sync.py'.
- Sanitization: There is no validation or sanitization of file paths or content before they are processed by the tool.
Audit Metadata