Skills
skills/masanao-ohba/claude-manifests/git-operator/Gen Agent Trust Hub

git-operator

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a workflow for executing standard Git commands (status, diff, add, commit, push). It also includes a SessionStart hook that uses yq to read .claude/config.yaml. These commands are local and align with the skill's purpose.\n- [PROMPT_INJECTION]: The skill processes untrusted data (repository state and code changes), creating an indirect prompt injection surface.\n
  • Ingestion points: Reads local configuration and repository changes via git status and git diff (SKILL.md).\n
  • Boundary markers: Absent in the workflow instructions.\n
  • Capability inventory: The skill can stage, commit, and push code changes.\n
  • Sanitization: Absent; the skill relies on the agent's reasoning to generate commit messages based on ingested content. However, the risk is inherent to Git management and handled within the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 12:35 AM