Skills
skills/yonatangross/orchestkit/git-recovery/Gen Agent Trust Hub

git-recovery

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted data from the local repository (commit messages, diffs, and history) and possesses high-privilege write capabilities.
  • Ingestion points: Data enters the agent context through git log, git reflog, git show, and git diff outputs.
  • Capability inventory: The skill uses the Bash tool to execute commands like git reset --hard, git restore, and git checkout, which modify the filesystem and repository state.
  • Boundary markers: No explicit delimiters are used to isolate git output from agent instructions.
  • Sanitization: No sanitization or filtering of commit messages or file content is performed before processing.
  • Command Execution (MEDIUM): The skill executes powerful shell commands via Bash.
  • Destructive Operations: Scenarios 2, 4, 5, and 6 involve git reset --hard or git restore, which can permanently discard uncommitted changes or modify history.
  • Risk: While the skill includes safety warnings and verification steps, an attacker-controlled commit message could theoretically attempt to escape the git command context or manipulate the agent into bypassing these safeguards.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:12 AM