git-workflow-automator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates Git workflows by executing several local system commands including 'git', 'gh' (GitHub CLI), and 'npx'. These are used to manage branches, stage changes, commit code, and interact with remote repositories.
- [EXTERNAL_DOWNLOADS]: The skill uses 'npx changeset add' in SKILL.md to manage project versioning. This command dynamically fetches and executes the '@changesets/cli' package from the npm registry, a well-known service for JavaScript dependencies.
- [DATA_EXFILTRATION]: The skill performs 'git push' to transmit staged changes to a remote repository ('origin'). This is a core part of its intended functionality but constitutes data transmission to an external source.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted content from the local environment.
- Ingestion points: Processes staged code changes via 'git diff --cached' (SKILL.md).
- Boundary markers: No specific delimiters or isolation markers are used to separate the diff content from the agent's instructions.
- Capability inventory: The skill possesses the capability to execute shell commands such as 'git commit', 'git push', and 'gh pr create' (SKILL.md).
- Sanitization: The skill does not implement sanitization or filtering of the code diff content before using it to generate commit messages and pull request descriptions, which are then used as arguments in shell commands.
Audit Metadata