git-bisect-debugging

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates git operations and developer commands such as npm install and npm test. These commands are executed within the local repository context to verify code status at specific commits, which is the primary and legitimate purpose of the skill.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from git history, creating a theoretical surface for indirect prompt injection.
      • Ingestion points: Git commit messages and file contents are read via git log and git show during Phase 3.
      • Boundary markers: Subagent prompts do not use specific delimiters or instructions to ignore instructions embedded within the commit data.
      • Capability inventory: The skill generates and executes shell scripts and testing commands via isolated subagents.
      • Sanitization: The skill does not describe any specific sanitization or filtering of the commit data before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:41 AM