skills/wiseiodev/skills/gt/Gen Agent Trust Hub

gt

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external content and has high-privilege write/execute capabilities.
      • Ingestion points: SKILL.md Step 1.3 and 1.4 ingest data from git status, git diff --cached, and git log.
      • Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore embedded commands within the git data.
      • Capability inventory: SKILL.md Step 4 executes gt create, gt ss, and gh pr edit via the shell.
      • Sanitization: Absent. While it mentions escaping quotes for gh pr edit, it does not sanitize the logical content of the diff to prevent it from influencing the AI's generation of subsequent commands.
  • [COMMAND_EXECUTION] (MEDIUM): The skill is designed to execute arbitrary shell commands constructed by the AI.
      • Evidence: SKILL.md Section 4 instructs the agent to run gt and gh CLI tools with parameters derived from the earlier analysis phase. This creates a risk of command injection if the AI-generated strings (branch names, commit messages) are not strictly validated.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on external CLI tools being installed on the system.
      • Evidence: SKILL.md Section 4 requires gt (Graphite CLI) and gh (GitHub CLI). While these are standard tools, the skill fails to verify their integrity or provide a safe execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:19 AM