
That’s partly true, but it is more relevant to Git than to other things because there are malicious ways to configure a git repository that will end up running programs written by someone else under your user id.


Why are you setting your ps1 to run arbitrary code in any directory? Don’t do that!


It’s one step more indirect than that. If I want my prompt to tell me what branch is checked out, I can have it include the output of running `git branch`, for example. Unbeknownst to me, running `git branch` can cause git to run programs specified in the git repository’s config file. It’s not normally a problem of course, because I am using my own computer with all of my own git repositories. But it can be a problem if the computer is shared with others.


> `git branch` can cause git to run programs specified in the git repository’s config file

This is the real vulnerability. Why is git branch running random external programs?


I think `git branch` here wasn't intended to be taken literally. If anything, you'd use a plumbing command to get the branch, not a porcelain command. I think they just meant that some commands that might be run might in turn run programs specified in the config file (either now or in the future).


So what's a good example of a git command that you might reasonably run as part of your $PS1 that runs an external program? It's not like people have git push or git commit in their $PS1.


`git status`. This essentially has a "prompt" mode with `--porcelain`, which can even print branch and stash state, so it features all of the information for a prompt. Prompts have been mentioned in adding the v2 porcelain format[0].

It will call the fsmonitor hook configured in core.fsmonitor - this is supposed to speed up figuring out which files to check.

The official git-prompt.sh calls `git diff`, which will do the same[1].

[0]: https://github.com/git/git/commit/00d27937bf0348e7da615f04b6...
[1]: https://github.com/git/git/blob/11cfe552610386954886543f5de8...
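The thread's point is that a prompt running `git status` or `git diff` in a repository someone else controls can execute a program named in that repository's `.git/config` (the `core.fsmonitor` hook above, a relocated `core.hooksPath`, a shell alias, and so on). The following is an added example, not code from the thread or from git itself: a small scanner that parses the git config format and reports settings whose value git treats as a command to run, plus the ownership test (is `.git` owned by the current user?) that a prompt helper can apply before invoking git in an unfamiliar directory. The list of flagged keys is an assumption, a selection of well-known ones rather than an exhaustive inventory, and the sample config is constructed for the example.

```python
"""Scan a git config for settings that make ordinary git commands
(status, diff, branch listing) run external programs.

Added example for this thread; not git's own code. The key list below
is an assumption: a selection of well-known keys, not a complete one.
"""
import os
import re
import tempfile

# Keys whose value git itself executes as a program or command line.
COMMAND_KEYS = {
    "core.fsmonitor",    # hook run by `git status` / `git diff` when not a boolean
    "core.hookspath",    # relocates hooks, so they need not live in .git/hooks
    "core.pager",
    "core.editor",
    "core.sshcommand",
    "core.gitproxy",
    "diff.external",
    "credential.helper",
    "gpg.program",
    "sequence.editor",
}

# [section] or [section "subsection"]
SECTION_RE = re.compile(r'^\[([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]$')
# key, optionally followed by = value
KV_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$')


def _strip_comment(value):
    """Drop a trailing # or ; comment that is not inside double quotes."""
    out, quoted = [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif ch in "#;" and not quoted:
            break
        out.append(ch)
    return "".join(out).strip()


def parse_git_config(text):
    """Return (key, value) pairs in git's dotted form, e.g. ('core.fsmonitor', '/x').

    Section names and keys are lowercased (git treats them case-insensitively);
    a subsection keeps its case. A bare key with no '=' means true."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).lower()
            section = name + "." + m.group(2) if m.group(2) else name
            continue
        m = KV_RE.match(line)
        if m and section is not None:
            value = "true" if m.group(2) is None else _strip_comment(m.group(2))
            entries.append((section + "." + m.group(1).lower(), value))
    return entries


def is_command_value(key, value):
    """core.fsmonitor set to a boolean selects the builtin monitor; any other
    value is a hook command. An alias starting with '!' is a shell command."""
    if key == "core.fsmonitor":
        return value.lower() not in ("true", "false", "yes", "no", "on", "off", "1", "0")
    if key.startswith("alias."):
        return value.startswith("!")
    return key in COMMAND_KEYS


def find_command_settings(text):
    """All settings in the config text that would cause git to run a program."""
    return [(k, v) for k, v in parse_git_config(text) if is_command_value(k, v)]


def owned_by_current_user(path):
    """Ownership check a prompt helper can apply to .git before calling git
    in a directory it did not create (the idea behind git's safe.directory)."""
    return os.stat(path).st_uid == os.getuid()


def fresh_tempdir_is_owned():
    """Helper for a self-check: a directory we just created is ours."""
    d = tempfile.mkdtemp()
    try:
        return owned_by_current_user(d)
    finally:
        os.rmdir(d)


# Constructed sample .git/config; the hook path and URL are placeholders.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
\tfsmonitor = /tmp/not-a-real-hook   ; a command, not the builtin monitor
[remote "origin"]
\turl = https://example.invalid/repo.git
[alias]
\tlg = log --oneline
\tsh = !echo shell-alias
"""

if __name__ == "__main__":
    for key, value in find_command_settings(SAMPLE_CONFIG):
        print(f"would run an external program: {key} = {value}")
```

Run it against the text of a repository's `.git/config` (or `git config --list --show-origin` output reshaped into this form) before letting a prompt call `git status` there; a prompt function can skip git entirely when either check fails, or fall back to reading `.git/HEAD` directly, which involves no hooks.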



