git-branchless
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it frequently ingests and processes untrusted data from the Git repository environment while maintaining high-privilege capabilities.
- Ingestion points: Git commit messages, branch names, and repository history accessed through
git sl,git query, andgit smartlogas detailed inSKILL.mdandreferences/commands.md. - Boundary markers: Absent; the skill instructions do not require the use of delimiters or 'ignore' instructions when interpolating repository metadata into the agent's context.
- Capability inventory: Extensive shell execution via
gitandgit-branchlessCLI tools, including the highly capablegit test run --execcommand which executes arbitrary shell strings across commit stacks. - Sanitization: Absent; there are no defined validation or escaping procedures for strings retrieved from the repository before they are processed by the agent.
- [COMMAND_EXECUTION]: The core functionality of the skill involves the execution of various Git-related shell commands. While appropriate for the skill's stated purpose of version control management, it requires the agent to have broad execution permissions within the user's shell environment.
Audit Metadata