010108-version-control
Warn
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/validate.pyperforms dynamic module loading and executes system commands. - The script utilizes
__import__("subprocess")to load the subprocess module at runtime. This is an obfuscation technique that can be used to hide module dependencies from static analysis tools. - It executes the
git logcommand to inspect the history of a target directory. While the command itself is read-only, the directory path is sourced from user-supplied command-line arguments. - [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it processes external data from Git repositories.
- Ingestion points: In
scripts/validate.py, the script reads and processes the output of thegit logcommand. - Boundary markers: There are no delimiters or markers used to isolate the untrusted commit message data from the script's execution context.
- Capability inventory: The script environment includes the ability to execute shell commands through the
subprocessmodule (scripts/validate.py). - Sanitization: The script does not perform validation or escaping of the content retrieved from the commit logs before processing it.
Audit Metadata