git-safety-guard
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user or agent to download a binary from the `terraphim/terraphim-ai` GitHub repository using `gh release download`. This repository and organization are not on the list of Trusted External Sources.
- [REMOTE_CODE_EXECUTION] (HIGH): Following the download, the skill directs the user to perform `chmod +x` on the binary and move it to a system path (`~/.cargo/bin`) for execution. Running unverified binaries from untrusted sources is a high-risk activity.
- [COMMAND_EXECUTION] (MEDIUM): The skill sets up a `PreToolUse` hook to intercept every shell command executed by the agent. While this is the primary stated purpose of the skill, it introduces a significant attack surface if the intercepting binary (`terraphim-agent`) or the wrapper script (`git_safety_guard.sh`) is compromised or malicious.
- [COMMAND_EXECUTION] (LOW): The installation instructions utilize standard system commands like `gh`, `chmod`, `mv`, and `cp`. While benign in a trusted context, here they facilitate the installation of untrusted code.
Recommendations
- AI detected serious security threats
Audit Metadata