git-weekly-report

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/git_weekly_report.py executes git log and git rev-parse using subprocess.run. The command arguments are passed as a list, which prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from git commit logs.
  • Ingestion points: Commit subjects and bodies are read from git repositories via scripts/git_weekly_report.py and provided to the agent for summarization.
  • Boundary markers: Absent. The instructions do not specify delimiters to separate commit content from the agent's instructions.
  • Capability inventory: The skill can read local file metadata via git and write structured reports to the file system. It lacks network capabilities.
  • Sanitization: The script truncates long commit bodies but does not filter or sanitize the text for potentially malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:07 PM
Security Audit — agent-trust-hub — git-weekly-report