gh-version-control-workflow

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous wrappers for git and gh (GitHub CLI) to automate branch management, worktree creation, and pull request workflows.
  • [DATA_EXFILTRATION]: Communicates with an internal bridge at http://host.internal:8765 using curl to delegate Git operations. This mechanism transmits local repository paths and branch names to a non-whitelisted endpoint when the skill detects it is running in a restricted environment.
  • [PROMPT_INJECTION]: The skill functions as a surface for indirect prompt injection by ingesting untrusted data from the Git repository (such as file diffs, commit logs, and status reports) into the agent's context.
      • Ingestion points: Scripts such as git-status, git-diff, and git-show read and return content from the local Git repository.
      • Boundary markers: Absent. Repository content and command output are returned to the agent without delimiters or instructions to ignore embedded instructions.
      • Capability inventory: The skill possesses extensive capabilities to execute shell commands (git, gh, curl) and manipulate the file system.
      • Sanitization: Arguments sent to the delegation bridge are JSON-escaped, but content retrieved from the repository is not sanitized or escaped before being processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 12:27 PM