git-sync
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Git commands to perform branch synchronization tasks such as fetching, merging, rebasing, and stashing. It implements safety protocols including the use of
--force-with-leaseto prevent overwriting remote work and strictly forbids force-pushing to themainormasterbranches. - [DATA_EXFILTRATION]: Analyzes local repository metadata, including branch history, status, and remote configurations. These operations are standard for Git-based workflows and do not involve transmitting sensitive data to external or untrusted destinations.
- [PROMPT_INJECTION]: Includes 'Anti-Hallucination Guidelines' and specific workflow phases that require the agent to verify the actual state of the repository before suggesting or executing actions, which serves to reinforce operational safety.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from branch names, commit messages, and PR metadata. While this presents a potential surface for indirect injection, the risk is mitigated by instructions that mandate manual conflict resolution and user confirmation for high-risk operations like force-pushing.
Audit Metadata