Skills
skills/smartworkx/dev-context/feature-branch/Gen Agent Trust Hub

feature-branch

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to command injection through user-controlled data.
  • Ingestion points: User input for the branch name collected in Step 1.
  • Boundary markers: Absent; the branch name is directly interpolated into the shell command string in Step 3.
  • Capability inventory: Execution of shell commands via the Bash tool, including git fetch and git worktree add.
  • Sanitization: Absent; the skill provides no instructions to validate, escape, or sanitize the user-provided branch name before it is used in a command. This allows a user to terminate the intended command and execute arbitrary bash commands.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file system and git operations. It specifically instructs the agent to create directories outside the current working directory (../), which increases the risk surface when combined with the lack of input validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 10:39 PM