dub-flow
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using the
dubandgitCLI tools. It dynamically generates command strings by interpolating variables like<branch-name>and<commit-message>which are derived from the repository's current state and user interaction. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and analyzes data that could be controlled by external actors (e.g., commit messages or code changes from other contributors).
- Ingestion points: The skill reads untrusted data via
git diff --cachedandgit log --onelineduring Phase 1 (Analyze Changes). - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the output of Git commands as data rather than instructions.
- Capability inventory: The skill has access to execute file system operations and repository modifications through the
gitanddubcommand-line interfaces. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the Git repository before it is processed by the AI to suggest branch names and commit summaries.
Audit Metadata