git-master
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the AI agent to read and process data from the user's Git repository status and logs, which could contain malicious instructions embedded by external contributors.
  - Ingestion points: `git status` and `git log` output as mentioned in the core workflow in `SKILL.md`.
  - Boundary markers: No delimiters or specific instructions are provided to separate repository data from agent instructions.
  - Capability inventory: The skill provides instructions for executing various Git shell commands, including history-altering commands like `git reset` and `git rebase`.
  - Sanitization: No sanitization or validation of the ingested repository data is implemented.
- [EXTERNAL_DOWNLOADS]: The skill suggests running `npx husky init` to set up Git hooks. This command downloads and executes the Husky package from the public npm registry, which is a common and well-known development practice.
Audit Metadata