commit-and-push
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local shell commands including git (status, diff, commit, push, fetch, rev-parse), gh (pr create), and sed to manage the development lifecycle.
- [COMMAND_EXECUTION]: It invokes project-specific automation scripts located at
./scripts/agents/tooling/agentTool.tsfor tasks like dependency checking, repository identification, and interacting with the Gemini API. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes feedback from Gemini Code Assist or Codex reviews. Malicious content in PR comments could influence the agent's behavior during the feedback addressal phase.
- Ingestion points: External review comments are fetched and processed via the
checkGeminiQuotatool and addressed using the$address-gemini-feedbacklogic. - Boundary markers: No explicit delimiters are specified for the ingestion and processing of comment data.
- Capability inventory: The skill possesses file write capabilities (via git commit), network access (via git push and gh CLI), and PR management permissions.
- Sanitization: Employs single-quoted heredocs for PR body templates to prevent local shell interpolation bugs, but the content of the addressal logic is abstracted.
Audit Metadata