Skills
skills/fivetaku/git-teacher/git-teacher-save/Gen Agent Trust Hub

git-teacher-save

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating unvalidated user input. In Step 5, it executes git commit -m "사용자가 입력한 메시지". If a user provides a message containing shell metacharacters (e.g., "; rm -rf /; #), it could lead to arbitrary command execution on the host system.
  • [COMMAND_EXECUTION]: The skill performs active file system modifications, including creating a .gitignore file based on project detection and performing file checkouts (git checkout --ours/--theirs {파일}) during merge conflict resolution.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  • Ingestion points: Data enters the agent context via git status --porcelain and git diff --stat (SKILL.md, Step 1).
  • Boundary markers: No delimiters or instructions to ignore embedded content are used when displaying file names or diffs.
  • Capability inventory: The skill has subprocess execution capabilities via git commit and git checkout, as well as file-write capabilities for .gitignore (SKILL.md, Step 2, 3, 5).
  • Sanitization: There is no evidence of sanitization or escaping of the ingested file names before they are processed or used in prompts.
  • [SAFE]: The skill implements a security best practice by automatically generating a .gitignore file to ensure sensitive data like .env files are not accidentally committed to the repository.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 08:07 PM
Security Audit — agent-trust-hub — git-teacher-save