Git commands (log, diff, show) can execute arbitrary code via:
- core.pager set in repo-local .git/config
- diff.external pointing to an attacker-controlled binary
- filter drivers in .gitattributes
Mitigation: require --no-pager flag, recommend -c core.pager=cat
to disable pager-driven execution. Moved git commands from the
unqualified allowlist to a hardened allowlist with explicit flags.
- Replace httpx.Retry references with correct httpx API usage across all files
(httpx has no built-in Retry class; use HTTPTransport/Limits instead)
- Fix _check_summary to check first 100 words (not 100 characters)
- Fix template to only show → improvement arrow for non-5 scores
- Clarify hook documentation: hook echoes reminder, does not run evaluator
- Add return type annotation to main()
- Make required parameter keyword-only in _read_file_or_text
- evaluate.py: add CRITICAL ISSUES (axes ≤ 2) section, VERDICT line
- agent-evaluator.md: match format_report output exactly (title, evidence markers, bar graphs)
- templates/evaluation-report.md: match evaluate.py output format
- All now produce identical AGENT SELF-EVALUATION REPORT structure
Single authoritative format: evaluate.py's format_report() output.
