git-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Git commands and Python scripts. It uses secure shell patterns, specifically quoted heredocs ('EOF'), to ensure that generated commit messages are treated as literal strings, preventing shell expansion or command injection during the commit process.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill processes untrusted data from git logs and diffs. This risk is effectively mitigated by 'Critical Rule 1', which requires the agent to present any generated content and obtain explicit user approval before execution.
- Ingestion points: git diff output, git log history, and conflicted file contents (SKILL.md Modes 1, 2, and 4).
- Boundary markers: None explicitly defined in script inputs.
- Capability inventory: Ability to execute git commit and git bisect run (SKILL.md).
- Sanitization: Relies on human-in-the-loop verification and LLM reasoning to filter malicious instructions within processed data.
- [DATA_EXPOSURE]: The skill accesses repository metadata, history, and file contents to perform archaeology and conflict resolution. These operations are restricted to the local repository environment and are necessary for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill uses local Python scripts (diff-summarizer.py and commit-parser.py) and does not perform any external network requests or download third-party code at runtime.
Audit Metadata