graphite-stack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the 'gt' or 'graphite' command-line interface to create and manage PR stacks. While this involves executing system commands, it is the primary intended function of the skill and is triggered by specific user requests.
- [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted data from git diffs. 1. Ingestion points: Git diffs from the codebase or PRs. 2. Boundary markers: Absent. 3. Capability inventory: Command execution via Graphite CLI. 4. Sanitization: Absent.
Audit Metadata