sc-git
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses a bash tool to perform Git operations. This presents a risk of command or argument injection if the agent uses unsanitized strings from the repository environment, such as branch names or user-provided commit message components, when constructing these commands.
- [PROMPT_INJECTION] (LOW): The skill demonstrates a clear surface for Indirect Prompt Injection (Category 8) by design. It analyzes repository content to 'Optimize' messages and 'Validate' changes. Ingestion points: Git diffs, repository source files, and commit history in the SKILL.md behavioral flow. Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded in the analyzed code. Capability inventory: Bash shell access, external tool calls via Rube MCP (GitHub, Slack, Jira), and analysis via PAL MCP. Sanitization: Not specified in the skill definition.
- [DATA_EXFILTRATION] (LOW): The Rube MCP integration allows the agent to send data to external services like Slack, Jira, and GitHub. This capability could be exploited if malicious data in a repository triggers the agent to send sensitive local information or repository metadata to an attacker-controlled external channel.
Audit Metadata