git
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The workflow definition in `workflows/smart_commit.toml` constructs shell commands using string interpolation of tool arguments.
  - Input variables `project_root` and `final_message` are embedded into command strings like `cd '{{project_root}}'` and `git commit -m "{{final_message}}"` within the Qianji engine.
  - Lack of sanitization for shell metacharacters (e.g., quotes, semicolons) allows an attacker to execute arbitrary commands on the underlying system.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `subprocess` module to execute system commands across almost all operational scripts.
  - Scripts such as `add.py`, `branch.py`, `commit.py`, `remote.py`, and `stash.py` wrap git CLI calls, passing arguments directly from the AI agent's context to the shell.
- [EXTERNAL_DOWNLOADS]: The `smart_commit` command executes `cargo run`, which is used to launch a local Rust-based engine.
  - This process may download, update, and compile external dependencies from registries like crates.io at runtime, bypassing static analysis of the skill's own code.
- [COMMAND_EXECUTION]: The skill integrates with `lefthook` in `scripts/prepare.py` to run pre-commit hooks.
  - This mechanism allows the execution of arbitrary scripts defined within the repository being managed, which could lead to code execution if the repository contains malicious hook configurations.
Recommendations
- AI detected serious security threats
Audit Metadata