lesson-learned
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard git commands (
git log,git diff,git show) to retrieve commit history and code changes for analysis. These operations are restricted to the local repository and are necessary for the skill's stated purpose.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from git commit messages and code diffs without using boundary markers or providing instructions to ignore embedded commands. - Ingestion points: Commit messages, git log output, and file diffs (referenced in
SKILL.mdPhase 2). - Boundary markers: None present in the instructions to separate analyzed data from agent instructions.
- Capability inventory: The agent can execute git commands and read files within the workspace.
- Sanitization: No sanitization or validation of the ingested git data is performed before processing.
Audit Metadata