trail
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill automates regression detection through 'git bisect run', which involves executing user-provided or project-defined test commands. This functionality is the primary intended purpose of the skill and is accompanied by explicit safety warnings in SKILL.md and best-practices.md concerning the execution of arbitrary test code.
- [EXTERNAL_DOWNLOADS]: The skill includes procedures to fetch benchmark artifacts using the official GitHub CLI tool ('gh run download') as documented in references/non-functional-regression.md. This operation targets a well-known and trusted service to retrieve project-specific performance data.
- [PROMPT_INJECTION]: As a tool designed to process git logs and commit messages, the skill has a surface for indirect prompt injection from repository metadata. However, the skill is scoped to specific investigation workflows and uses git as the authoritative source of truth, minimizing the likelihood of malicious instructions influencing the agent's core logic.
Audit Metadata