git-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Node.js wrapper (`scripts/main.cjs`) to execute Git commands via the `child_process.spawn` method.
  - The implementation uses `shell: false` and `windowsHide: true`, which are security best practices that mitigate shell injection and unauthorized visibility on the host system.
  - It passes command-line arguments directly to the Git binary, allowing the agent to perform comprehensive repository management tasks.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection (Category 8) due to its core function of reading and processing external repository data.
  - Ingestion points: Untrusted data enters the agent's context through Git operations like `git log`, `git show`, and `git diff`, which are executed by `scripts/main.cjs`.
  - Boundary markers: The skill does not specify any boundary markers or instructions for the agent to ignore or isolate instructions that might be embedded in Git commit messages or file content.
  - Capability inventory: The skill has the capability to execute subprocesses (via `scripts/main.cjs`) and is instructed by the 'Memory Protocol' in `SKILL.md` to write findings and decisions to the local file system (e.g., `.claude/context/memory/learnings.md`).
  - Sanitization: There is no evidence of sanitization or validation of the data retrieved from the Git repository before it is processed or written to the agent's internal memory files.