Skills
skills/elvisbrevi/yitpush/yp/Gen Agent Trust Hub

yp

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the YitPush CLI tool from the NuGet gallery via the dotnet tool install -g YitPush command.
  • [COMMAND_EXECUTION]: Executes shell commands via the yp utility to automate git workflows and manage Azure DevOps work items, including commits, branch checkouts, and task updates. It also utilizes the Azure CLI (az) for DevOps integration.
  • [PROMPT_INJECTION]: The skill processes untrusted inputs from git diffs and repository data to generate AI-driven content, presenting a surface for indirect prompt injection.
  • Ingestion points: Git diffs and PR metadata accessed via the yp commit and yp pr commands.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill prompt structure.
  • Capability inventory: Includes capabilities to perform git commits, pushes, and repository management, as well as updating Azure DevOps tasks and stories.
  • Sanitization: The skill instructions do not specify sanitization or validation of the ingested git diff or PR content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 11:48 AM