sync
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative directives to override the agent's standard response protocols, mandating that a specific ASCII art banner and tagline be displayed immediately before any other action.
- [COMMAND_EXECUTION]: The skill executes a sequence of bash-based git commands via a subagent to manage repository state, including potentially destructive operations such as branch deletion and history modification.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from the repository's history and metadata without sanitization.
  - Ingestion points: Repository commit messages (git log), branch names (git branch), and status summary (git status) are ingested in SKILL.md.
  - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat repository metadata as untrusted.
  - Capability inventory: The skill utilizes a Bash subagent capable of repository modification and branch management.
  - Sanitization: Absent. Content from commit messages and branch names is directly incorporated into the report without escaping.