Security audit
Airflow DAG Git Plugin
Security checks across malware telemetry and agentic risk
Overview
The plugin has a coherent GitHub PR purpose, but its safety documentation and code conflict in ways that could cause unintended persistent GitHub changes.
Review before installing. If testing, use a sandbox repository, a least-privilege GitHub token, narrow allowlists, and readOnly mode where possible; do not rely on previewOnly or reuse existing branch names until the branch-conflict and preview-mode issues are fixed.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
