Skills
skills/profpowell/vanilla-breeze/git-workflow/Gen Agent Trust Hub

git-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains command templates that interpolate untrusted external data directly into shell commands, creating a surface for indirect prompt injection.
  • Ingestion points: Data is retrieved from the bd issue tracking tool and manual UAT files.
  • Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when processing data from the bd tool or UAT responses.
  • Capability inventory: The skill is granted access to the Bash tool, along with Read, Write, and Edit, which could be exploited to execute arbitrary code if an attacker provides a malicious issue ID (e.g., ; rm -rf /).
  • Sanitization: The instructions do not specify any validation or escaping for variables like {issue-id} or {description} before they are executed in a shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 06:11 AM