managing-git-workflow

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to execute commands like gh pr view, gh pr diff, and gh api. These operations are used to fetch pull request details, code changes, and comments from the 'hashintel/hash' repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external GitHub contributors.
    • Ingestion points: Pull request content, including comments and code diffs, is read into the agent's context (SKILL.md).
    • Boundary markers: No markers are used to encapsulate the untrusted data, and the agent is given no instructions to ignore embedded commands.
    • Capability inventory: The skill uses the 'gh' tool for information gathering and an MCP tool ('mcp__linear__get_issue') for integration with Linear.
    • Sanitization: No sanitization or validation of the ingested GitHub data is performed.
    • Analysis: By requiring the agent to view the 'FULL diff' without truncation, the skill ensures that any instructions embedded within the code changes or comments will be processed by the agent, potentially allowing an attacker to influence the agent's review or subsequent actions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 03:53 PM