Back to plugin

Security audit

skill-git-official

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its local skill-versioning purpose, but it needs review because some commands pass user input directly into Bash and it can make persistent changes to agent skill files.

Install only if you are comfortable giving this skill local Bash/git access to your agent skill folders. Use simple, trusted command arguments, inspect all confirmation prompts before approving commits, merges, or reverts, and periodically review or delete `~/.skill-git` caches if your skill files contain sensitive instructions.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
skills/conflict-patterns/SKILL.md:195
Evidence
- **Prompt injection**: Rule contains phrases like "ignore previous instructions", "disregard all rules", "from now on you are", "forget everything"