git-repo
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands including
git,tofu, andghto perform its primary function. These operations are limited to cloning a repository, formatting configuration files, and managing Pull Requests. - [EXTERNAL_DOWNLOADS]: The skill clones a repository from
git@github.com:OlechowskiMichal/github-infrastructure.git. This resource belongs to the skill's author and is necessary for the infrastructure-as-code workflow defined in the skill. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it interpolates user-provided data directly into HCL templates and shell commands.
- Ingestion points: User parameters collected in Step 1 of
SKILL.md(e.g.,name,description,status_checks). - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to ignore instructions embedded within the user data.
- Capability inventory: The skill has the capability to write to the file system, execute
gitandghcommands, and push code to a remote repository. - Sanitization: Absent; the skill does not specify any validation or escaping logic for the input strings before they are used in file creation or shell execution.
Audit Metadata