git-sync
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that encourage agent autonomy by bypassing user interaction. In the 'Key principles' section, it states: 'Do not ask the user; make decisions independently' and 'Do not pause to ask the user'. This directs the agent to override standard behavior that typically requires user confirmation for significant actions like resolving merge conflicts or choosing between merge and rebase strategies.
- [COMMAND_EXECUTION]: The skill utilizes Bash commands to perform Git operations (`git fetch`, `git pull`, `git push`, etc.). It includes a security measure in the YAML frontmatter's `hooks` section that proactively blocks force-push commands (`git push --force` or `-f`) to prevent accidental data loss or history destruction.
- [DATA_EXPOSURE]: The skill processes repository metadata, including commit hashes and log messages, to synchronize branches. While it reads local configuration and history, it does not access sensitive files outside of the Git environment (e.g., `.ssh` or `.aws`).
Audit Metadata