git-workflow
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation includes an optional command to run the
@claude-flow/clitool usingnpx. This fetches the package from the official NPM registry, which is a well-known and trusted service for development tools. - [PROMPT_INJECTION]: The skill processes external data from Git repositories and diffs, which represents a potential surface for indirect prompt injection.
- Ingestion points: Repository analysis and diff risk assessment tools (
SKILL.md). - Boundary markers: Not explicitly defined in the provided instructions.
- Capability inventory: The skill utilizes the
Bashtool for local git operations. - Sanitization: Instructions do not specify sanitization for the content of diffs or repository metadata.
Audit Metadata