git-teacher-review
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using unvalidated user input provided during the '작업 설명' (work description) step.
  - Evidence: In Step 5, the skill executes `git commit -m "사용자가 입력한 작업 설명"`, where the description is directly interpolated into a quoted string.
  - Evidence: In Step 6, the skill executes `gh pr create --title "사용자가 입력한 작업 설명"`, similarly using user-provided text as a command argument.
  - Risk: If the user provides input containing shell metacharacters such as backticks, dollar signs, or semicolons (e.g., `feature"; rm -rf / #`), it could lead to arbitrary code execution depending on how the agent platform handles command interpolation.
- [COMMAND_EXECUTION]: The skill performs automated branch manipulation and history modification that could lead to data loss if state checks fail.
  - Evidence: Step 4 includes `git reset --soft HEAD~{미전송 commit 수}` on the main branch.
  - Risk: This command destructively modifies the history of the main branch based on a calculated commit count. While intended to facilitate moving work to a new branch, errors in commit counting could result in unintended repository states.
Audit Metadata