deploy-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool restricted to specific git commands including `git log`, `git diff`, and `git show`. These are used exclusively for read-only analysis of the repository history to identify changes, migrations, and dependency updates.
- [PROMPT_INJECTION]: The skill has an attack surface for Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from the repository's git history.
  - Ingestion points: Git commit messages, diff content, and pull request metadata are read into the agent's context during Step 1 (Analyze Changes).
  - Boundary markers: The prompt does not define clear delimiters or "ignore embedded instructions" warnings for the content retrieved from git commands.
  - Capability inventory: The skill's capabilities are restricted to file system reading (`Read`, `Glob`, `Grep`) and git inspection; it lacks the ability to write files, execute arbitrary shell scripts, or perform network requests.
  - Sanitization: No explicit sanitization or filtering is performed on the text of commit messages or diffs before they are processed by the LLM.
Audit Metadata