git-safety
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses git commands like `git filter-repo` and `bfg` to perform destructive history rewriting, which is the intended purpose for cleaning leaked credentials. It also generates a standard pre-commit hook bash script and makes it executable with `chmod +x`.
- [EXTERNAL_DOWNLOADS]: The guide recommends installing established security tools such as `git-filter-repo` via pip and `git-secrets` via Homebrew.
- [DATA_EXFILTRATION]: The skill searches for sensitive files like `.env`, cloud credentials, and SSH keys within the repository history. This data exposure is a core functional requirement for secret scanning and no external exfiltration was detected.
- [PROMPT_INJECTION]: The skill processes file names and contents from the repository, creating an indirect prompt injection surface.
- Ingestion points: Untrusted data enters through `git log`, `find`, and `git grep` in `references/full-guide.md`.
- Boundary markers: None provided in the command output.
- Capability inventory: Includes package installation, history rewriting, and force pushing to remotes.
- Sanitization: None performed on the captured file data.
Audit Metadata