git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various git commands and local Python scripts. It uses a secure heredoc pattern (
cat <<'EOF') when executinggit committo prevent shell injection vulnerabilities from the generated commit message text. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the repository (git logs, diffs, and source code) to generate summaries and recommendations.
- Ingestion points: Data enters the agent context through
git diff --cached,git log, and by reading conflicted or archaeological source files. - Boundary markers: The skill uses structured JSON output from its helper scripts and shell heredocs to isolate data from commands.
- Capability inventory: The skill can perform
git commit,git bisect(which checks out different commits), and read any file within the repository. - Sanitization: Input from git commands is parsed into structured JSON by
commit-parser.pyanddiff-summarizer.pybefore being processed by the LLM.
Audit Metadata