git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill aligns with common development practices and includes defensive checks to prevent accidental inclusion of secrets in commits.
- [COMMAND_EXECUTION]: The skill utilizes git, gh (GitHub CLI), and npm commands to automate branch management, commits, and pull requests. These actions are triggered by explicit user requests and include confirmations for destructive or significant operations.
- [PROMPT_INJECTION]: The skill ingests data from the local repository (via git diff and git log) to generate contextual commit messages and pull request summaries. This presents a surface for indirect prompt injection from codebase content. 1. Ingestion points: Repository metadata and diffs (SKILL.md). 2. Boundary markers: None identified. 3. Capability inventory: Command execution for git commit, git push, and gh pr create (SKILL.md). 4. Sanitization: Relies on manual user review of generated content before execution.
Audit Metadata