git-safety
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill does not contain instructions to override agent behavior, bypass safety filters, or reveal system prompts. It serves to restrict agent actions rather than expand them.
- [DATA_EXFILTRATION] (SAFE): While the skill mentions sensitive files (e.g.,
.env,.env.local), it explicitly forbids their modification and contains no patterns for reading or transmitting their contents over a network. - [COMMAND_EXECUTION] (SAFE): All included commands are standard, non-destructive git operations (e.g.,
git status,git log,git diff). It explicitly warns against and requires authorization for destructive commands likerm -rforgit reset --hard. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted external data in the form of git log outputs and filenames.
- Ingestion points: Reads output from
git logandgit status(SKILL.md). - Boundary markers: None present for command output parsing.
- Capability inventory: Includes
git commit,git add, andgit push(SKILL.md). - Sanitization: The skill proactively mitigates risk by instructing the agent to use double quotes for all file paths to prevent shell interpretation of special characters in filenames.
Audit Metadata