git-student-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (
scripts/run_analysis.sh,scripts/extract_commits.sh) and Python scripts (scripts/analyze.py,scripts/generate_md.py,scripts/generate_xlsx.py) to extract metadata from Git history and generate reports. These operations are performed on the repository being analyzed and are essential to the skill's stated purpose.\n- [EXTERNAL_DOWNLOADS]: The skill clones Git repositories from user-provided URLs usinggit cloneinSKILL.md. Additionally,scripts/setup_venv.shdownloads and installs well-known Python dependencies (pandas,openpyxl,python-dateutil) from the official PyPI registry to support data processing and Excel generation. All external resources are standard for the tool's functionality.\n- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the processing of untrusted repository data.\n - Ingestion points: The skill ingests untrusted data from Git repository history, including commit messages and code diffs, which are fetched via
git cloneor read from a local path.\n - Boundary markers: The LLM analysis prompt defined in
references/llm-diff-analysis.mduses structured sections (e.g.,Diff: {diff_content}) and JSON response requirements, but lacks advanced delimiters to isolate the untrusted diff content from the system instructions.\n - Capability inventory: The agent has capabilities to execute local scripts, read files from the analyzed repository, and write report files to the local directory.\n
- Sanitization: There is no evidence of sanitization or escaping of commit messages or code diffs before they are interpolated into the LLM prompts for qualitative analysis.
Audit Metadata