fast
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to automate Git workflows, including creating feature branches, staging changes, and committing them with conventional commit messages. The implementation uses quoted heredocs for commits, which is a defensive coding practice to prevent shell injection from user-provided descriptions.
- [PROMPT_INJECTION]: As the skill reads and interprets content from the repository to perform edits, it possesses a surface for indirect prompt injection.
  - Ingestion points: The skill reads `CLAUDE.md` and up to three user-specified target source files during the understanding phase.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat file content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill possesses `Edit`, `Write`, and `Bash` capabilities, allowing it to modify the file system and execute version control commands.
  - Sanitization: Content read from the repository is processed without explicit sanitization or verification steps.
Audit Metadata