git-history-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell-based git commands (log, blame, shortlog) to analyze repository evolution. This is the intended purpose, but it presents a surface for command injection if input parameters like file paths or search keywords are not sanitized by the agent implementation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      1. Ingestion points: git log and git blame read commit messages and file contents from the repository.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell execution (git), file read, grep, and glob.
      4. Sanitization: Absent.
    Malicious instructions embedded in commit history could potentially influence agent behavior when the history is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 03:49 AM