git-ops
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill is explicitly designed to execute shell commands for git operations (add, commit, push, pull). While it claims to use validation checks, the underlying execution logic is not provided in the SKILL.md file. There is a risk of command injection if maliciously crafted branch names or commit messages are processed without rigorous sanitization.
- [PROMPT_INJECTION] (MEDIUM): Category 8: Indirect Prompt Injection. The skill ingests untrusted data from external sources such as git commit history, branch names, and file diffs to generate 'smart' commit messages. This data could contain embedded instructions designed to override agent behavior during the message generation or workflow execution phases.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references an external local file, skills/git-ops/references/git.md. While not a remote network download, the contents of this reference are not available in the current context, meaning the exact instructions or commands being loaded into the agent cannot be verified.
Audit Metadata