managing-git-workflows
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The script `scripts/setup-hooks.sh` and the documentation in `SKILL.md` recommend installing standard development tools (husky, lint-staged, eslint, prettier, and commitlint) from the npm registry. These are industry-standard tools for managing Git workflows and do not pose a security risk in this context.
- [COMMAND_EXECUTION] (SAFE): The skill includes several shell scripts (`scripts/check-branch-name.sh`, `scripts/validate-commit-msg.sh`) that use common utilities like `git`, `grep`, and `sed`. These scripts employ strict regex validation for input strings, preventing command injection and ensuring the inputs conform to expected Git naming and commit conventions.
- [DYNAMIC_EXECUTION] (SAFE): The `scripts/setup-hooks.sh` file uses `node -e` to programmatically update `package.json`. This dynamic execution is limited to local file manipulation using predefined templates and does not process untrusted external data, making it a safe operational choice for scaffolding.
Audit Metadata