git-reconciler
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the Git environment that could contain malicious instructions for the agent.
  - Ingestion points: Data from git log, git diff, git status, and git branch (including branch names, commit messages, and file contents) are read from the local repository and its remotes into the agent's context.
  - Boundary markers: The skill lacks explicit delimiters or instructions to the agent to disregard potential commands embedded within the Git output, which could lead to the agent following instructions found in commit messages.
  - Capability inventory: The agent utilizes the Bash tool and has the capability to modify the local filesystem via commands like git merge and git rebase.
  - Sanitization: No sanitization, filtering, or validation is performed on the data retrieved from Git commands before it is processed or presented to the agent.
- [COMMAND_EXECUTION]: The skill executes standard Git commands via Bash to manage branch state and resolve conflicts. These operations are restricted to the local repository and are essential to the primary purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations using git fetch to retrieve updates from remote repositories. This behavior is expected for a Git synchronization tool and targets the user's configured remotes.
Audit Metadata