safe-git-ops

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Documentation in references/commit-paths.md directs the agent to install additional skills using npx skills add a-green-hand-jack/ml-research-skills, which downloads code from a repository belonging to the author.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands, including Git operations and local Python scripts such as scripts/validate_skills.py and scripts/prepare_sidecar_task.py, for repository validation and maintenance.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Git data that could contain malicious instructions.
      ◦ Ingestion points: Repository metadata enters the context via git status, git log, git diff, and git show (documented in SKILL.md and references/commit-paths.md).
      ◦ Boundary markers: Absent. The instructions do not define delimiters or warn the agent to ignore instructions embedded in the Git output.
      ◦ Capability inventory: The agent has access to powerful tools including Bash, Write, Edit, and Glob, which could be exploited if an attacker embeds instructions in commit messages or file diffs.
      ◦ Sanitization: Absent. No logic is provided to sanitize or validate the content of the repository metadata before the agent processes it.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 12, 2026, 08:52 PM