git-maker
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes explicit security guidelines in
rules/commit-and-push-policy.mdandSKILL.mdto prevent the accidental inclusion of secrets and credentials in commits. - [SAFE]: The
scripts/git-maker-fast.shscript implements safety checks that block force-pushing to protected branches (main,master) and prevent operations from a detached HEAD state. - [SAFE]: Command execution is limited to standard git operations and local scripts. No unauthorized external network calls or remote code execution patterns were identified.
- [PROMPT_INJECTION]: The skill ingests untrusted data from git diffs and file names, creating a surface for Indirect Prompt Injection. 1. Ingestion points:
scripts/git-maker-fast.sh(git status/file lists). 2. Boundary markers: Present inrules/agent-parallelism.mdtemplates. 3. Capability inventory:scripts/git-maker-fast.sh(git push). 4. Sanitization: Absent, relies on instruction-based boundaries.
Audit Metadata