Security Audit
git-pr-workflows-git-workflow
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
git-pr-workflows-git-workflow received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Generated Commands, Potential Command Injection via Generated Commands (PR Configuration).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Generated Commands The skill defines a workflow where the 'cicd-automation::deployment-engineer' subagent is tasked with generating 'Branch preparation commands' and 'PR configuration commands'. User-controlled inputs, such as the 'Target branch' specified via `$ARGUMENTS` or other flags, are passed to this agent. If these inputs are not rigorously validated and sanitized by the orchestrator or the subagent itself, a malicious user could inject arbitrary shell commands into the generated output. If the orchestrator then automatically executes these generated commands, it could lead to arbitrary command execution on the host system or within the CI/CD environment. Implement strict input validation and sanitization for all user-provided arguments (e.g., target branch names, flag values) before they are passed to any subagent that generates commands. Ensure that the 'cicd-automation::deployment-engineer' subagent is explicitly instructed to validate inputs and refuse to generate commands for invalid or malicious strings. Furthermore, any commands generated by subagents should be executed in a highly sandboxed environment, or require explicit human review and approval before execution to prevent unintended or malicious operations. | LLM | SKILL.md:90 | |
| HIGH | Potential Command Injection via Generated Commands (PR Configuration) Similar to branch management, the 'cicd-automation::deployment-engineer' subagent is also responsible for generating 'PR configuration commands and automation rules'. User-controlled inputs, potentially including details that influence PR metadata or merge strategies, could be used to craft malicious commands. If these generated commands are executed without proper validation or sandboxing, it could lead to unauthorized changes to repository settings, CI/CD pipelines, or other system-level actions. Implement strict input validation and sanitization for all user-provided arguments that influence PR configuration. Ensure the 'cicd-automation::deployment-engineer' subagent is designed to generate safe commands and to reject or escape any potentially malicious input. All generated commands should be subject to a robust execution policy, such as requiring human approval or execution within a strictly sandboxed environment. | LLM | SKILL.md:120 |
Scan History
Embed Code
[](https://skillshield.io/report/7ada10d83e8e9584)
Powered by SkillShield