git-safety-guard

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The installation instructions direct users to download a binary from the terraphim/terraphim-ai GitHub repository using the gh CLI. This organization is not on the trusted sources list, and the binary itself is not verified for integrity.
  • [COMMAND_EXECUTION] (MEDIUM): The skill sets up a PreToolUse hook that executes the downloaded binary (terraphim-agent) and shell scripts to evaluate AI-generated commands. This involves executing arbitrary code downloaded at runtime.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The guard processes untrusted data (tool_input.command) through a shell wrapper. While intended to block malicious commands, this creates an attack surface for bypassing filters.
      • Ingestion points: tool_input.command processed in git_safety_guard.sh.
      • Boundary markers: None present in the wrapper script.
      • Capability inventory: Shell execution of terraphim-agent and feedback loop to the agent.
      • Sanitization: Relies on internal regex pattern matching within the binary which cannot be statically verified.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:33 PM