Git Workflows
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard git CLI operations and bundled utility scripts for repository status and push operations. These actions are consistent with the skill's intended purpose and are restricted to the local environment and configured remotes.
- [PROMPT_INJECTION]: The skill processes untrusted data from the git environment, presenting a surface for indirect prompt injection. Ingestion points: Git branch names, commit messages, and repository file contents during conflict resolution. Boundary markers: Not explicitly present in the provided scripts. Capability inventory: Executes git commands via shell subprocesses. Sanitization: The skill documents and implements strict validation rules for branch names and file paths to mitigate shell injection and directory traversal risks.
- [SAFE]: The skill includes specific warnings and guidance to prevent the accidental staging and committing of sensitive files such as .env, demonstrating a focus on security best practices.
Audit Metadata