git-workflow

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its Trend Awareness Protocol.
    1. Ingestion points: Web search results and the 'data/sources.json' file.
    2. Boundary markers: Absent; the instructions do not specify delimiters to separate untrusted external content.
    3. Capability inventory: Use of local 'git' commands and 'npx standard-version'.
    4. Sanitization: Absent; external data is not filtered or escaped before processing.
  • [COMMAND_EXECUTION]: Lists standard Git CLI operations and the 'npx standard-version' utility. These are informational and appropriate for the skill's technical domain.
  • [EXTERNAL_DOWNLOADS]: References 'npx standard-version', a well-known package from the public registry. This is documented as a safe reference to a well-known tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 08:29 PM