git
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs automated Git operations such as `git push --force-with-lease`, `git commit --amend`, and `git add -f`. These actions are necessary for the rebase and CI autofix workflows described in the instructions.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to execute the `@codevoyant/agent-kit` package, which is a tool provided by the skill's author (cloudvoyant). This involves downloading the package from the official NPM registry during execution.
- [SAFE]: The skill implements a security check in the commit workflow to warn users if sensitive files like `.env` or credentials are staged for commit.
- [PROMPT_INJECTION]: The skill contains surfaces for indirect prompt injection in its CI monitoring (`references/workflows/ci.md`) and rebase conflict resolution (`references/workflows/rebase.md`) logic.
  - Ingestion points: Reads CI build logs via `gh run view --log-failed` and source code file content via `cat` during conflict resolution.
  - Boundary markers: None explicitly defined in the prompts to separate external content from instructions.
  - Capability inventory: Uses `git commit`, `git push --force-with-lease`, and automated task runners (`format`, `lint`).
  - Sanitization: No specific sanitization or filtering of log content or code markers is performed before processing.
Audit Metadata