* Done. All three git commands now have security protections:
**Changes made to `crates/remote/src/github_app/service.rs`:**
1. **Clone** (line 284): Added `-c core.hooksPath=/dev/null`, `-c core.autocrlf=false`, `-c core.symlinks=false` flags plus environment variables
2. **Fetch** (line 318): Added `-c core.hooksPath=/dev/null` flag plus environment variables
3. **Checkout** (line 349): Added `-c core.hooksPath=/dev/null` flag plus environment variables
**Security protections now in place:**
- `core.hooksPath=/dev/null` - Disables all git hooks
- `core.symlinks=false` - Prevents symlink attacks (on clone)
- `core.autocrlf=false` - Prevents line ending manipulation (on clone)
- `GIT_CONFIG_GLOBAL=/dev/null` - Ignores global git config
- `GIT_CONFIG_SYSTEM=/dev/null` - Ignores system git config
- `GIT_TERMINAL_PROMPT=0` - Prevents credential prompts
The repository cloning is now safe for untrusted repositories.
* Cleanup script changes for task attempt 8324c5ea-8505-49a7-a9f3-dfeb2d83cf54
6900b1df52