git-sync
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from the local file system and git metadata, which creates a potential surface for indirect prompt injection.
  1. Ingestion points: Repository branch names, remote URLs, and directory paths in the 'spaces/' directory are read by the 'sync.py' script.
  2. Boundary markers: Absent in the provided skill definition.
  3. Capability inventory: The skill has 'Bash', 'Read', and 'Glob' permissions, allowing it to execute scripts and read files.
  4. Sanitization: Not visible in the provided markdown file.
- Command Execution (SAFE): The skill executes a local Python script ('.claude/skills/git-sync/scripts/sync.py') to perform its primary function. This is standard behavior for an agent skill and does not involve downloading or executing remote code from untrusted sources.
Audit Metadata