git-weekly-report
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/git_weekly_report.pyexecutesgit logandgit rev-parseusingsubprocess.run. The command arguments are passed as a list, which prevents shell injection vulnerabilities. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from git commit logs.
- Ingestion points: Commit subjects and bodies are read from git repositories via
scripts/git_weekly_report.pyand provided to the agent for summarization. - Boundary markers: Absent. The instructions do not specify delimiters to separate commit content from the agent's instructions.
- Capability inventory: The skill can read local file metadata via git and write structured reports to the file system. It lacks network capabilities.
- Sanitization: The script truncates long commit bodies but does not filter or sanitize the text for potentially malicious instructions.
Audit Metadata