Skills
skills/fivetaku/git-teacher/git-teacher-status/Gen Agent Trust Hub

git-teacher-status

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several Git commands including write operations such as git checkout and git add. Specifically, it may automatically run git checkout main if a 'Detached HEAD' state is detected, which modifies the user's working directory without explicit confirmation.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from the local environment, including filenames, branch names, and commit messages.
  • Ingestion points: git status --porcelain, git log, git branch, and git stash list (SKILL.md).
  • Boundary markers: None identified. The instructions do not define delimiters for the Git output or warn the agent to ignore instructions embedded in metadata.
  • Capability inventory: git checkout and git add are available as write operations (SKILL.md).
  • Sanitization: None identified. Metadata is processed directly for natural language translation.
  • [DATA_EXFILTRATION]: The execution of git remote -v exposes remote repository URLs to the agent's context. These URLs frequently contain sensitive authentication tokens or internal infrastructure details. While no external exfiltration to unauthorized domains was detected, the exposure of these credentials to the LLM context is a potential risk factor.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 08:07 PM