clean-history
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill requests broad execution permissions for the
gitandgh(GitHub CLI) binaries. This is consistent with its stated purpose of rewriting branch history and creating pull requests. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8). An attacker who can influence the content of the Git branch (e.g., via commit messages or file content in a diff) could embed instructions that the agent might follow during the 'Analyze the diff' or 'Reimplement the work' stages.
- Ingestion points: The skill reads untrusted data from the local repository via
git logandgit diffin Step 1 and Step 2. - Boundary markers: Absent. The instructions do not provide delimiters or specific warnings to the model to ignore instructions found within the diffs.
- Capability inventory: The skill has the capability to run arbitrary Git commands (
git:*), write files, and create pull requests (gh pr create:*). - Sanitization: Absent. There is no evidence of filtering or escaping the data retrieved from the Git history before it is processed by the model.
- [SAFE] (SAFE): The use of the
--no-verifyflag withgit commitis explicitly documented as a way to bypass pre-commit hooks for intermediate, potentially broken development steps, and is verified in the final step without the flag.
Audit Metadata