Back to skill

Security audit

Git Log Summary

Security checks across malware telemetry and agentic risk

Overview

This Git reporting skill is useful and mostly aligned with its purpose, but one helper script can run unintended shell commands from crafted arguments and the reports may expose repository details.

Review before installing. Use only on repositories and URLs you trust, avoid passing untrusted values to the remote helper until the eval usage is fixed, choose output paths carefully because existing files can be overwritten, and inspect reports before sharing because they can include local paths, remote URLs, author names, branch names, and commit messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The script includes full remote repository URLs and the local repository path in the generated report, which can disclose sensitive internal infrastructure details, usernames, filesystem layout, or embedded credentials in poorly configured remotes. In agent contexts where the report may be shared externally or stored in logs/artifacts, this creates an avoidable information disclosure risk beyond basic commit summarization.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script builds a shell command in the PARAMS string and executes it with eval, which re-parses shell metacharacters and quotes. Because OUTPUT_FILE and NUM_COMMITS come from user-controlled arguments, an attacker can inject additional shell syntax and achieve arbitrary command execution, which is far beyond the stated purpose of generating a Git summary report.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill output includes repository path, remote URLs, author names, branch names, and commit messages, all of which may contain sensitive internal metadata or credentials embedded in URLs. Without a clear warning, users may generate and share reports that unintentionally leak infrastructure details, personal data, or confidential development history.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The remote analysis feature causes outbound network requests and clones repository contents into local temporary storage, but the documentation does not clearly warn about those effects. In restricted or sensitive environments, this can violate network-use expectations, download untrusted content, or leave residual repository data on disk if retention options are used.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script unconditionally truncates the chosen output file with '> "$OUTPUT_FILE"', which can overwrite existing files and destroy data if the path is user-supplied or unexpectedly resolves to an important file. In automation or agent-driven execution, this risk is heightened because file paths may be passed non-interactively and mistakes are harder to catch.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.