git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local commands to audit the repository state.
SKILL.mdandscripts/verify-git-workflow.shuse standard Git commands (git branch,git log,git diff,git rev-parse) and common utilities (grep,sed,awk) to verify naming conventions and file existence.checkpoints.yamlspecifies automated checks usinggh_apifor GitHub repository protection settings and LLM-based reviews that process the output ofgit log.- [EXTERNAL_DOWNLOADS]: The skill references several external development tools and repositories.
references/code-quality-tools.mdprovides instructions for downloading and installingdifftasticfrom its official GitHub releases andshfmtvia themvdan.ccGo package registry.SKILL.mdreferences the author's own repository (github.com/netresearch/git-workflow-skill) for contributions.- These downloads target well-known open-source tools and the vendor's own infrastructure, posing no inherent security risk in this context.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the repository's commit history.
- Ingestion points: Commit messages and branch names are read into the agent's context via
git logandgit branch(referenced incheckpoints.yamlandverify-git-workflow.sh). - Boundary markers: The LLM review prompts in
checkpoints.yamllack explicit boundary markers or instructions to ignore embedded commands within the log output. - Capability inventory: The skill's environment has access to the local filesystem and the ability to execute shell scripts and Git commands.
- Sanitization: There is no evidence of filtering or escaping commit messages before they are processed by the LLM reviews.
- Although this presents a surface for indirect prompt injection if a malicious commit message is present, the risk is inherent to the auditing task and considered low severity.
Audit Metadata