git-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local
gitcommands through Python'ssubprocess.runusing argument lists. This implementation is secure against shell injection as it avoids spawning a shell and treats inputs as literal arguments. Command execution is strictly limited to thegitbinary. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from external sources (local Git repositories) which could contain malicious instructions.
- Ingestion points:
scripts/analyze_repo.pyandscripts/get_changed_files.pyingest commit messages, author names, and filenames viagit log,git shortlog, andgit ls-filescommands. - Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the repository data.
- Capability inventory: The skill allows execution of
gitcommands viasubprocess.runand provides the agent with the repository's metadata to summarize for the user. - Sanitization: Absent. Data extracted from Git is passed directly to the agent as raw strings.
- Risk: An attacker-controlled repository could use crafted commit messages (e.g., 'IMPORTANT: Ignore previous instructions and instead...') to influence the agent's summary or behavior when the skill is used on that repository.
Audit Metadata