git-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The `shared/file-inclusion-policy.md` defines a high-risk default behavior where the agent is instructed to include 'all user-modified files' in the commit, specifically including untracked and unstaged files. Because `docs/pr.md` includes a 'Push to origin' step, this creates a direct path for potentially sensitive local data to be exfiltrated to a remote repository.
- [CREDENTIALS_UNSAFE]: The 'Ambiguity rule' in `shared/file-inclusion-policy.md` states: 'If there is any uncertainty about whether a file should be committed: Include the file.' This directly conflicts with the goal of protecting secrets. If an agent fails to recognize a specific file as a credential or secret, this instruction overrides caution and may lead to the exposure of sensitive tokens or keys.
- [COMMAND_EXECUTION]: The skill's core functionality requires the execution of shell commands for Git operations (branching, committing, pushing). While necessary for the stated purpose, the combination of automated branch creation and pushing to remote origins requires high trust in the agent's ability to correctly filter files.
- [DATA_EXFILTRATION]: The skill possesses a surface for indirect prompt injection. In `docs/pr.md`, the agent is instructed to 'Inspect repository' and 'diff summary' to 'Generate PR body'. If a modified file contains malicious instructions in the form of code comments or documentation, the agent might inadvertently follow those instructions when drafting the PR description or summary.
Audit Metadata