gitbutler-multi-agent

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (LOW): The coordination strategies (Strategy 2 and Status Broadcasting) recommend that agents ingest data from shared temporary files (/tmp/agent-status-*.txt) or external issue tracker comments. This creates a surface for indirect prompt injection where an attacker could influence the agent's behavior by placing malicious instructions in these shared data sources.
    • Ingestion points: /tmp/agent-status-*.txt and external Issue Tracker Comments.
    • Boundary markers: Not specified in the documentation templates.
    • Capability inventory: Shell command execution of GitButler CLI commands (but commit, but rub, etc.).
    • Sanitization: No sanitization of the external status data is addressed in the workflow.
  • [COMMAND_EXECUTION] (SAFE): The document provides standard shell commands for the GitButler CLI. These are intended for developer workflow management and do not involve suspicious parameters or unauthorized access.
  • [NO_CODE] (SAFE): The skill consists entirely of markdown documentation and configuration examples; it contains no scripts, binaries, or automated installation logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:29 PM