trunk-first-repo

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically constructs shell commands using placeholders {VERSION_PREFIX}, {BRANCH_CONTEXT}, and {REMOTE_URL} in SKILL.md. These values are derived from user input defined in FORMS.md. Direct interpolation of these parameters into shell commands without escaping or validation constitutes a command injection vulnerability if the input strings contain shell metacharacters.
  • [DATA_EXFILTRATION]: The skill facilitates the configuration of a remote Git repository and an initial push operation using the user-provided {REMOTE_URL}. This capability allows the agent to establish network connections and transmit data to external servers, which could be misused if a user is socially engineered into providing a malicious remote endpoint.
  • [PROMPT_INJECTION]: The skill frontmatter includes a mandatory directive to the agent: 'ALWAYS use this skill when asked to initialize or set up a git repository.' This instruction is designed to override the agent's internal decision-making process for tool and skill selection, attempting to force the use of this specific workflow regardless of context or other available options.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 01:56 PM