010108-version-control

Warn

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/validate.py performs dynamic module loading and executes system commands.
  • The script utilizes __import__("subprocess") to load the subprocess module at runtime. This is an obfuscation technique that can be used to hide module dependencies from static analysis tools.
  • It executes the git log command to inspect the history of a target directory. While the command itself is read-only, the directory path is sourced from user-supplied command-line arguments.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it processes external data from Git repositories.
  • Ingestion points: In scripts/validate.py, the script reads and processes the output of the git log command.
  • Boundary markers: There are no delimiters or markers used to isolate the untrusted commit message data from the script's execution context.
  • Capability inventory: The script environment includes the ability to execute shell commands through the subprocess module (scripts/validate.py).
  • Sanitization: The script does not perform validation or escaping of the content retrieved from the commit logs before processing it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 8, 2026, 12:19 PM
Security Audit — agent-trust-hub — 010108-version-control