git-mastery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to have the agent review and process external, untrusted data found in git commit messages and pull request descriptions.
  1. Ingestion points: Git history and PR metadata accessed during 'Git Mastery' tasks (SKILL.md).
  2. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the git data.
  3. Capability inventory: The skill has the capability to modify repository configurations, git hooks, and CI/CD pipelines (references/release-automation.md).
  4. Sanitization: Absent; no escaping or validation steps are provided for the text ingested from the repository history.
- Command Execution (SAFE): The skill contains standard git commands for repository optimization and management (e.g., git config, git clone, git rebase).
- External Downloads (SAFE): The skill references well-known, legitimate automation packages from the npm registry (semantic-release and its official plugins) for use in CI/CD environments.