git-workflow
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core functionality of analyzing repository changes. Malicious content within a project's files could influence the agent's behavior when it generates commit messages or determines workflow transitions.\n
- Ingestion points:
git diffandgit statusoutput as specified inreferences/git-commit.md.\n - Boundary markers: Absent. The instructions do not specify any delimiters to separate untrusted repository content from the agent's instructions.\n
- Capability inventory: Execution of Git commands and a shell script (
worktree_bootstrap.sh) capable of modifying the local file system by creating symlinks and directories.\n - Sanitization: There is no evidence of sanitization or filtering of the repository data before it is processed by the agent.\n- [COMMAND_EXECUTION]: The skill utilizes a bash script,
scripts/worktree_bootstrap.sh, which is invoked with arguments derived from the repository state. While the script employs defensive coding practices such as variable quoting, the execution of shell scripts based on environmental context presents a potential attack surface.
Audit Metadata