skills/luisurrutia/skills/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE (categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (!command) to execute git commands (branch, status, log, diff) at load time to provide context. It also instructs the agent to run arbitrary validation commands (tests, builds, type checks) based on the repository's configuration.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from git diffs and commit history.
      • Ingestion points: Git status, log, and diff output processed in SKILL.md.
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the diffs.
      • Capability inventory: The skill can execute shell commands for validation (Step 3) and git operations (Step 7).
      • Sanitization: Absent; file content from diffs is not sanitized before being analyzed by the agent.
  • [SAFE]: The skill implements a robust 'safety gate' (Step 1) that explicitly directs the agent to identify and exclude sensitive files such as .env files, private keys, and credential files from commits.
  • [SAFE]: Mandatory human-in-the-loop confirmation is required for all write actions, including staging, committing, and pushing code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 02:26 PM