oma-scm

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Git CLI commands to manage repository state, including commits, merges, and branching. It enforces security best practices by requiring explicit file paths and warning against the staging of sensitive files such as .env or private keys, as seen in the SKILL.md and commit-config.yaml files.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the codebase through git status, git diff, and git log operations (documented in SKILL.md and onboarding-risk-signals.md). This presents an indirect prompt injection surface where an attacker could embed malicious instructions in commit messages or file contents. While the skill includes instructions for safe handling, there are no formal boundary markers or sanitization steps to isolate this external content from the agent's reasoning process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 12:18 PM