git-structured
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of Git system commands through a JavaScript wrapper. It supports a wide range of operations including repository status, commit management, and branch control.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its requirement to process untrusted text from Git repositories.
  - Ingestion points: Data from external repositories is ingested through operations like `git log`, `git diff`, and `git status` (SKILL.md).
  - Boundary markers: The skill returns data in a structured JSON format, which helps the agent distinguish between data and instructions, though it does not fully eliminate the risk of the model obeying embedded commands.
  - Capability inventory: The skill can perform file system writes (commits), network operations (`git push` and `git pull`), and repository restructuring (branch management).
  - Sanitization: Documentation indicates the implementation of argument sanitization and the blocking of dangerous flags such as `--exec=` and `--upload-pack=` to prevent command injection.
Audit Metadata