git-master
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to malicious instructions embedded in the data it processes. (1) Ingestion points: User input is directly interpolated via {{ARGUMENTS}} in SKILL.md. Additionally, the 'Style detection' feature reads repository history, which is an external data source. (2) Boundary markers: Absent. There are no delimiters or instructions to the LLM to ignore commands found within the data. (3) Capability inventory: The subagent has capabilities for interactive rebasing and branch manipulation, which involve high-impact write operations to the local repository. (4) Sanitization: Absent. No input validation logic is present.
- Command Execution (MEDIUM): The skill's functionality relies on executing Git commands. Without proper constraints, Git CLI features (like alias or rebase -x) could potentially be exploited to execute unintended commands if the subagent's logic is bypassed via injection.
Recommendations
- AI detected serious security threats
Audit Metadata