gitflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructs the agent to read raw logs from CI/CD pipelines (GitHub Actions and GitLab CI), which is a known vector for indirect prompt injection if an attacker can control build output (e.g., via a Pull Request).
- Ingestion points: CI/CD log retrieval via
gh run view --logandglab ci traceinSKILL.md. - Boundary markers: None identified; logs are ingested as unstructured text.
- Capability inventory: The skill allows the agent to execute git commands, push code, and rerun CI jobs.
- Sanitization: None; the agent processes raw log output which may contain malicious instructions.
- Persistence Mechanisms (LOW): The documentation suggests modifying
~/.gitconfigto add a persistent git alias. While this is a standard developer practice, it technically falls under configuration persistence patterns. - Data Exposure (SAFE): While the skill reads logs that might accidentally contain secrets (PII/Tokens), it does not target specific sensitive files (like
.ssh/id_rsa) or exfiltrate data to unauthorized third parties.
Audit Metadata