skills/oriolrius/pki-manager-web/Git/Gen Agent Trust Hub

Git

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill exposes the agent to Indirect Prompt Injection (Category 8) by providing instructions to interact with external data sources without safety constraints.
      • Ingestion points: The documentation of 'git clone ' and 'git pull' in SKILL.md encourages the ingestion of untrusted external repository data.
      • Capability inventory: The skill provides powerful side-effect capabilities including 'git push' (network exfiltration), 'git config' (environment modification), and 'git commit'.
      • Boundary markers: There are no instructions or markers to delimit external content or warn the agent to ignore instructions found within repositories.
      • Sanitization: No validation or sanitization of repository content is suggested. Malicious repository content (e.g., in a README or code comment) could trigger these capabilities.
  • COMMAND_EXECUTION (MEDIUM): The skill documents several shell-based commands that can be destructive if the agent is manipulated by malicious input. Specifically, 'git clean -fd' and 'git reset --hard' can cause irreversible data loss on the host system.
  • EXTERNAL_DOWNLOADS (LOW): Documents 'git clone' as a core feature. While necessary for the skill's purpose, it serves as the primary entry point for untrusted content into the agent's execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:23 AM