gitbutler-virtual-branches
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill invokes the GitButler CLI ('but') for repository operations. These are standard development tools and do not represent a security risk when used as intended.
- [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection through repository data.
  - Ingestion points: Processes local file content, branch names, and commit history via 'but status', 'but show', and 'but status --json'.
  - Boundary markers: Absent; instructions do not specify delimiters to separate code content from instructions.
  - Capability inventory: Subprocess execution of 'but' commands, repository modification, and network access via 'but push' / 'but pr'.
  - Sanitization: No sanitization or validation of repository data is performed before it is interpreted by the agent.
Audit Metadata