chatwit-upstream-sync
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches updates from the official Chatwoot GitHub repository, which is a well-known open-source service.
- [COMMAND_EXECUTION]: Uses standard Git commands (fetch, merge, push, log) to perform repository synchronization tasks, which are appropriate for the skill's devops category.
- [PROMPT_INJECTION]: The skill ingests data from external sources (git commits and code) which presents a theoretical risk of indirect prompt injection. * Ingestion points: Git history and code diffs from the upstream repository. * Boundary markers: Absent; no specific markers are used to isolate external content from instructions. * Capability inventory: Access to Git CLI, grep, and file system testing. * Sanitization: None; external content is merged directly into the codebase.
Audit Metadata