git-time-travel
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface where it ingests untrusted external content (git history) while having the authority to perform destructive or executable actions.\n
- Ingestion points: Commit messages, author metadata, and repository diffs processed during history archaeology and navigation tasks.\n
- Boundary markers: Absent. The prompt does not define delimiters or provide instructions for the agent to ignore commands embedded within the ingested git data.\n
- Capability inventory: The skill claims authority to 'manipulate git history', 'rewrite history', and 'find bugs with bisect' (which typically involves executing automated test scripts).\n
- Sanitization: Absent. No logic is provided to sanitize or validate content extracted from git logs before it is processed by the agent.\n- NO_CODE (LOW): The skill consists entirely of instructional markdown and contains no executable scripts or configuration files. This reduces the direct attack surface of the skill itself but confirms that its behavior is governed solely by role-play instructions that may be vulnerable to data-driven overrides.
Recommendations
- AI detected serious security threats
Audit Metadata