git-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard Git and GitHub CLI commands for repository management and workflow automation. All commands are consistent with the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill requires the 'gh' CLI, which is a well-known service from GitHub used for pull request management.
- [SAFE]: The skill includes defensive patterns, such as a pre-commit checklist that uses grep to search for hardcoded secrets or debug statements in staged changes before committing.
- [PROMPT_INJECTION]: The skill is designed to handle user-provided git metadata and file content.
- Ingestion points: Git branch names, commit messages, and file diffs.
- Boundary markers: The skill provides instructions on naming conventions and commit structures but does not implement code-level delimiters for metadata.
- Capability inventory: Uses Bash, Read, Grep, and Glob tools for file and git operations.
- Sanitization: Implements basic validation through regex checks for branch naming conventions.
Audit Metadata