push
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. The skill processes local data to generate commit messages, which could be exploited if an attacker places malicious instructions in a note. Evidence Chain: 1. Ingestion points: Local files read via 'Read' and 'Glob' tools. 2. Boundary markers: Absent; no clear separation between content and instructions for the agent. 3. Capability inventory: Includes 'Bash' tool for command execution. 4. Sanitization: None specified in the workflow instructions.
- COMMAND_EXECUTION (SAFE): The skill utilizes the Bash tool for legitimate Git operations (add, commit, pull, push). These are necessary for its primary function and do not involve unauthorized privilege escalation.
- DATA_EXFILTRATION (SAFE): While the skill transmits data to a remote repository via 'git push', this is the intended core functionality. The instructions follow security best practices by recommending the use of .gitignore and warning against committing credentials or API keys.
Audit Metadata