local-branches-status

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads commit messages from the local repository and asks the agent to summarize them without providing boundary markers or instructions to ignore embedded commands.
  • Ingestion points: Commit messages are gathered via git log "$main_branch..$branch" --oneline in Step 3 of SKILL.md.
  • Boundary markers: The instructions lack delimiters or explicit warnings to prevent the agent from following instructions that might be embedded within commit messages.
  • Capability inventory: The skill executes several git-related shell commands (git rev-list, git log, git worktree list) to collect metadata.
  • Sanitization: No validation or filtering is applied to commit messages or branch names before they are presented to the agent for summarization.
  • [COMMAND_EXECUTION]: The skill performs shell command execution to interface with the local git repository.
  • It uses a batch loop in Step 3 of SKILL.md to efficiently gather branch metadata using git, grep, awk, and sed in a single tool call.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 09:16 PM