Skills
skills/0xdarkmatter/claude-mods/git-ops/Gen Agent Trust Hub

git-ops

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data and interpolates it directly into subagent prompts without boundary markers or sanitization.
  • Ingestion points: Untrusted data enters the context through git log (commit messages), gh pr view (PR titles and descriptions), and git show or cat (file contents during conflict resolution).
  • Boundary markers: The dispatch templates in SKILL.md use simple string interpolation (e.g., {user intent}, {relevant summary}) without using XML-like tags, delimiters, or explicit instructions for the subagent to ignore embedded commands within that data.
  • Capability inventory: The git-agent and its fallback general-purpose agent have the capability to perform write operations, including committing code, pushing to remotes, and deleting branches/tags via the Bash tool.
  • Sanitization: No sanitization, escaping, or validation logic is applied to the retrieved Git metadata or file contents before they are passed to the subagent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a wide range of Git and GitHub CLI (gh) commands. This includes the execution of local scripts if the user or agent utilizes the git bisect run functionality documented in references/advanced-git.md.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:52 PM
Security Audit — agent-trust-hub — git-ops