git-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub PR reviews and comments. In SKILL.md, Phases 3 and 4 retrieve external content using bun gh-tool pr threads and bun gh-tool pr issue-comments. The agent is instructed to "auto-apply" suggestions for bugs, style, or security fixes without user confirmation, enabling a scenario where malicious instructions in a comment could lead to unauthorized code changes being committed and pushed.
      • Ingestion points: PR review threads and issue comments in SKILL.md.
      • Boundary markers: None; the agent is told to directly parse and act on suggestions.
      • Capability inventory: git commit, git push, and bun gh-tool pr reply-and-resolve across SKILL.md and references/push-branch-sync.md.
      • Sanitization: None.
  • [COMMAND_EXECUTION]: The workflow involves extensive use of shell commands. It uses standard git for repository management and custom CLI tools like bun gh-tool for GitHub operations and but (GitButler) for branch synchronization as described in references/push-branch-sync.md.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 17, 2026, 04:34 AM