git-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates a vulnerability surface by instructing the agent to ingest untrusted external data (PRD.md, CHANGELOG.md) and perform logic checks that influence subsequent actions.
      • Ingestion points: Read tool usage for documentation files (PRD.md, CHANGELOG.md).
      • Boundary markers: Absent. No delimiters are specified to separate external content from instructions.
      • Capability inventory: Bash for command execution and Read for file access are available to the agent.
      • Sanitization: Absent. No evidence of content filtering or validation.
  • Command Execution (MEDIUM): The skill instructs the use of the Bash tool to run project-specific commands such as poetry run pre-commit and pytest. These are executed in the agent context and could be abused if the agent is influenced by malicious instructions in the processed files.
  • Privilege Escalation (LOW): The troubleshooting section suggests using chmod +x on files in the .git/hooks/ directory. While common in development, modifying file permissions is a sensitive operation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 03:01 AM