git-repo-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to gather repository metadata and structure, including 'git log', 'git shortlog', 'git branch', 'git tag', 'ls', and 'fd'. These are used within the primary scope of repository documentation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it reads and processes arbitrary content from external git repositories.
- Ingestion points: Reads contents of 'README.md', 'LICENSE', 'CONTRIBUTING.md', 'CHANGELOG.md', and source code files (Phase 1 and Phase 3).
- Boundary markers: The instructions do not define boundary markers or 'ignore embedded instructions' warnings for the data being read.
- Capability inventory: The skill uses subprocess calls to execute 'git', 'ls', 'fd', 'ast-grep', and 'ripgrep' (SKILL.md).
- Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is processed by the agent.
Audit Metadata