Git Workflow Cn

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Git workflow helper whose risky commands are visible and aligned with its stated purpose, though users should be careful before allowing destructive Git operations.

Install only if you want a Git command reference/helper. Before letting an agent run commands from it, confirm the repository, branch, and remote target, and require explicit approval for reset --hard, clean -f/-fd, branch deletion, history rewriting, garbage collection, global Git config changes, or pushes to shared/staging/production branches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents destructive Git operations such as reset --hard, clean -f/-fd, history rewriting, and aggressive garbage collection with only minimal generic caution. In an agent skill context, users may copy or request these commands without understanding that they can permanently delete local work, rewrite history, or remove recovery paths, making this operationally dangerous even if not malicious.

VirusTotal

66/66 vendors flagged this skill as clean.
