git-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a wide range of shell commands to automate development tasks. This includes Git operations (commit, push, merge, checkout), GitButler operations for workspace management (but snapshot, teardown, setup), and PR interactions using a local gh-tool utility. These commands are chained to minimize user interruption and keep the workflow moving.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to fetch and automatically process instructions contained in external PR review comments.
  - Ingestion points: Fetches untrusted data from GitHub via `bun run gh-tool pr threads` and `bun run gh-tool pr issue-comments-latest` (SKILL.md).
  - Boundary markers: The instructions do not define delimiters or specific "ignore external instructions" guardrails for the fetched comment text.
  - Capability inventory: The skill has file-write capabilities, can execute the project's validation suite (`bun run check`), and can push code changes back to the remote repository (SKILL.md).
  - Sanitization: No content sanitization or validation of the fetched comment strings is described prior to the agent evaluating them for code changes.
Audit Metadata