rebase
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands like `git fetch <remote>` and `git rebase <target>` using input from the `$ARGUMENTS` variable. The parsing instructions do not include any steps to sanitize or validate this input, allowing for potential command injection if a user provides arguments containing shell control characters such as `;` or `&&`.
- [PROMPT_INJECTION]: The skill processes external data from git commit logs and conflicting files to make decisions during conflict resolution. This exposes the agent to indirect prompt injection risks.
  - Ingestion points: Output from `git log -p` and the contents of files marked as having conflicts.
  - Boundary markers: None specified to separate data from instructions.
  - Capability inventory: The `Bash` tool is used for executing git commands and managing the repository state.
  - Sanitization: There is no evidence of sanitization or escaping of the data retrieved from the git repository before it is used by the agent.
Audit Metadata