git
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard Git binaries (add, commit, branch, etc.) and a local Rust-based engine (xiuxian-qianji) via cargo run to facilitate complex version control workflows.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from git diff output.
  - Ingestion points: scripts/prepare.py fetches diff content via git diff --cached for analysis.
  - Boundary markers: Staged diff content is interpolated into templates (e.g., templates/review_card.j2) using Markdown code blocks (```diff) to separate it from instructions.
  - Capability inventory: The skill possesses write capabilities including git commit and git push, which could be triggered by malicious instructions embedded in a diff.
  - Sanitization: There is no explicit sanitization or filtering of the diff content performed before it is provided to the LLM for analysis.
- [DATA_EXFILTRATION]: Includes a defensive security feature in scripts/prepare.py that identifies sensitive files (e.g., SSH keys, credentials, env files) in staged changes and automatically unstages them to prevent accidental data exposure.
Audit Metadata