git-ops
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates secure implementation of local Git automation tasks using the Bash tool.\n
- Input Sanitization: Branch names and commit messages retrieved from the repository are consistently double-quoted when used as arguments in shell commands (e.g., "$BRANCH_NAME", "$DEFAULT_BRANCH"), protecting against command injection if repository metadata contains shell metacharacters.\n
- Safety Constraints: The cleanup logic uses Git's built-in safety mechanisms, specifically the '-d' flag for local branch deletion, which prevents the removal of branches that have not been fully merged into the default branch. It also dynamically detects and filters protected branches such as main, master, and develop.\n
- Privilege and Scope: The skill operates within the scope of the local repository and the designated origin remote. It does not attempt to escalate privileges (no sudo) or access sensitive system files (e.g., .ssh or .env).\n
- User Verification: The workflow mandates user interaction via the AskUserQuestion tool to approve any deletion actions, ensuring the agent does not act autonomously on destructive tasks.\n
- Data Ingestion Analysis (Category 8): The skill ingests data from the local Git environment, specifically branch names (Step 2) and commit history (Step 3). While boundary markers are absent in the interpolation, the potential for indirect prompt injection is mitigated by the fact that the ingested strings are handled as data within quoted shell arguments, and all high-risk operations (deletions) are subject to mandatory human confirmation.
Audit Metadata