git-squash
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell-based Git commands using variables derived from user-provided arguments, such as
--baseand--subject. If these arguments are not properly handled by the execution environment, they could be exploited to inject arbitrary shell commands or malicious Git flags. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted repository data to generate a summarized commit message.
- Ingestion points: Repository commit logs and staged diffs are read in steps 4 and 6 of SKILL.md.
- Boundary markers: The instructions lack explicit delimiters or "ignore instructions" directives to prevent the model from obeying malicious commands embedded in commit history.
- Capability inventory: The skill has the capability to perform destructive history rewrites (git reset) and network operations (git push).
- Sanitization: No validation or escaping is applied to the retrieved commit content before it is processed by the AI agent.
Audit Metadata