git-branchless

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it frequently ingests and processes untrusted data from the Git repository environment while maintaining high-privilege capabilities.
  • Ingestion points: Git commit messages, branch names, and repository history accessed through git sl, git query, and git smartlog as detailed in SKILL.md and references/commands.md.
  • Boundary markers: Absent; the skill instructions do not require the use of delimiters or 'ignore' instructions when interpolating repository metadata into the agent's context.
  • Capability inventory: Extensive shell execution via git and git-branchless CLI tools, including the highly capable git test run --exec command which executes arbitrary shell strings across commit stacks.
  • Sanitization: Absent; there are no defined validation or escaping procedures for strings retrieved from the repository before they are processed by the agent.
  • [COMMAND_EXECUTION]: The core functionality of the skill involves the execution of various Git-related shell commands. While appropriate for the skill's stated purpose of version control management, it requires the agent to have broad execution permissions within the user's shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:05 AM
Security Audit — agent-trust-hub — git-branchless