git-master
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes numerous local shell commands to manage Git repositories, including operations that modify history such as `git rebase`, `git reset --hard`, and `git push --force-with-lease`. These operations are fundamental to the skill's purpose as a Git automation assistant and are accompanied by logic-based safety guidelines for the agent.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and analyzes potentially untrusted data from the Git history to determine commit styles and languages.
  - Ingestion points: In `SKILL.md`, the agent executes `git log -30` and `git blame` to extract commit messages and author information for analysis.
  - Boundary markers: The skill does not implement boundary markers or instructions to ignore potential commands embedded within the commit messages it reads.
  - Capability inventory: The skill possesses significant capabilities, including the ability to execute shell commands, rewrite history, and push changes to remote servers.
  - Sanitization: There is no evidence of sanitization or filtering applied to the commit messages before the agent processes them.
Audit Metadata