Skills
skills/neekolas/claude-skills/working-with-graphite/Gen Agent Trust Hub

working-with-graphite

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands via the gt (Graphite), gh (GitHub), and git binaries. These permissions are necessary for the skill's primary purpose of branch and pull request management. Instructions specify safe usage patterns such as amending commits, restacking branches, and submitting draft PRs.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data by reading existing pull request descriptions and source code files.
  • Ingestion points: Data enters the context via the Read tool and gh CLI when viewing existing PR content.
  • Boundary markers: No explicit XML delimiters or boundary markers are defined for the ingested text.
  • Capability inventory: The skill has the capability to execute shell commands (gt, gh, git) and modify files.
  • Sanitization: There is no explicit sanitization of the read content before it is processed or presented to the user.
  • Note: This represents a standard attack surface for productivity tools; the risk is mitigated by the requirement for explicit user consent before submitting PRs or descriptions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 07:04 PM