git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates several shell-based operations using
git,gh(GitHub CLI), and a local Python script. Specifically, it is configured to perform agit pushautomatically after every commit without requesting user confirmation, which could lead to unintended code being published if the agent is misled by previous tasks. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the local repository environment.
- Ingestion points: The skill reads data from
git remote get-url originand commit message content via the.git/COMMIT_EDITMSGfile. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the data being processed.
- Capability inventory: The skill has the capability to perform write operations to the repository, including
git commit,git push,gh pr create, andgh release create. - Sanitization: While
scripts/validate_commit.pyperforms regex-based format validation, it does not sanitize the input for malicious instructions or shell-injection characters that could influence the agent's next steps.
Audit Metadata