git-rebase-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes high-privilege Git commands including git push --force-with-lease and git checkout --ours/--theirs. These commands can lead to data loss or overwriting remote repository history if misused or triggered by malicious input.
  • [PROMPT_INJECTION] (HIGH): The audit identifies a significant vulnerability surface for Indirect Prompt Injection (Category 8):
      • Ingestion points: The skill reads external file content via grep and git status during conflict resolution.
      • Boundary markers: None. The instructions do not define delimiters or warnings to ignore instructions found within conflict blocks (<<<<<<<, =======, >>>>>>>).
      • Capability inventory: The agent has the ability to modify files (git checkout, git add), continue processes (git rebase --continue), and perform network operations (git push).
      • Sanitization: None. The skill assumes the 'conflicts' are legitimate code rather than adversarial instructions. An attacker-controlled branch could use conflict markers to inject commands that the agent might execute while attempting to resolve the rebase.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 07:07 AM