git-workflow

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill contains strong override markers and mandatory directives such as '⚠️ 關鍵規則 - 必須遵守' (Key rules - must follow) and '🚫 絕對禁止的操作' (Absolutely forbidden operations). These instructions are designed to supersede user commands or agent logic regarding branch management and file modification.
  • [COMMAND_EXECUTION] (MEDIUM): The skill specifies a command sequence lsof -ti:3000 | xargs kill -9 to terminate processes on a specific port. Granting an AI agent the capability to execute kill commands poses a risk of local denial of service if the agent is manipulated into targeting critical system processes.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill is intended to be active during tasks like 'code review', which involves processing untrusted external data. Since the skill grants the agent write-access capabilities (e.g., git push, git commit) and process management (kill), it creates a surface where malicious PR content could potentially influence these actions.
  • [DATA_EXFILTRATION] (LOW): The workflow involves git push operations to a remote 'origin'. While standard for development, this represents an external data transfer capability that should be monitored to ensure the remote destination is a trusted repository.
  • [COMMAND_EXECUTION] (LOW): The skill includes instructions to run pnpm dev, which executes a local development server. This is a common development action but constitutes dynamic code execution in a local environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:59 AM