smart-rebase
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data in the form of git commit messages, which are interpolated into the analysis report used by the agent to determine the rebase strategy. This presents an indirect prompt injection surface.
- Ingestion points: Commit messages are ingested from the local git history using
git logandgit cherrywithin thescripts/smart-rebase-analyze.shscript. - Boundary markers: The script attempts to structure data as JSON before the agent parses it into a Markdown table for the user.
- Capability inventory: The skill possesses the ability to execute
git rebase --ontoand other git commands via theBashtool. - Sanitization: The analysis script performs basic escaping of double quotes in commit messages using
sed, though it does not handle other potential JSON-breaking characters like newlines or backslashes. - [COMMAND_EXECUTION]: The skill generates and can execute
git rebaseandgit pushcommands. It includes instructions to ensure these commands are only executed with explicit user authorization and contains logic to prevent operations on shared branches likemainordevelop. - [EXTERNAL_DOWNLOADS]: The
scripts/smart-rebase-analyze.shscript performs agit fetch originoperation to synchronize the local state with the remote repository. This is a standard and necessary operation for the skill's stated purpose of branch analysis.
Audit Metadata