smart-revert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the AI agent to execute Git and text-processing commands through the Bash tool using inputs extracted from local files.
- Evidence: Instructions describe using 'git revert', 'git log', and 'grep' to identify and undo commits.
- [PROMPT_INJECTION]: The skill's reliance on untrusted repository data creates a surface for indirect prompt injection (Category 8).
- Ingestion points: The agent parses 'plan.md', 'tracks.md', and Git commit history (via 'git log') to identify targets for revert operations.
- Boundary markers: The instructions do not define delimiters or provide 'ignore instructions' warnings for the content being processed from external files.
- Capability inventory: The agent possesses 'Bash', 'Write', and 'Edit' capabilities, which could be triggered or influenced by the content found in the ingested files.
- Sanitization: While regex is used to extract hex commit SHAs, the broader logic for identifying related commits based on commit message similarity is an unsanitized path that could be influenced by malicious content in the Git history.
- [NO_CODE]: The skill bundle is incomplete and contains non-functional code components.
- Evidence: 'scripts/main.cjs' is a scaffold that terminates with an error message. Additionally, the documentation refers to a missing utility script located at './.claude/lib/utils/logical-unit-tracker.cjs' which is not included in the provided file list.
Audit Metadata