Trust Assessment
here-be-git received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unsanitized user input for .gitignore patterns.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unsanitized user input for .gitignore patterns The skill instructs the agent to 'Include any specific files or patterns the user mentions' when creating or updating the `.gitignore` file. This allows arbitrary user input to be written into the `.gitignore` file without explicit sanitization or validation. While `.gitignore` itself is not executable, its contents directly influence `git`'s behavior, which can have security implications. A malicious user could provide patterns that lead to:
1. **Denial of Service**: Providing `*` would ignore all files, effectively disabling version control for the repository.
2. **Information Hiding**: Providing patterns like `*.sh` or `*.py` could allow malicious scripts to be created and remain untracked by version control, making them harder to detect.
3. **Unintended Data Exposure**: Using `!` patterns (e.g., `!sensitive_file.txt`) could force sensitive files into the repository that would otherwise be ignored by other patterns. Implement explicit validation and sanitization of user-provided `.gitignore` patterns. The agent should only accept known safe patterns or provide a curated list of options, rather than directly incorporating arbitrary user input. For 'specific files/patterns', the agent should confirm with the user the implications of such patterns before writing them, or restrict them to common, non-sensitive patterns. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/64befa56bae92450)
Powered by SkillShield