squash-commits
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs intended Git repository management tasks. No indicators of data exfiltration, obfuscation, or unauthorized access were found.
- [COMMAND_EXECUTION]: The skill executes a bundled shell script
scripts/squash.shto analyze branch history and perform agit reset --soft. It also instructs the agent to rungit committo finalize the squash. These actions are the primary purpose of the skill. - [PROMPT_INJECTION]: The skill handles untrusted commit messages from the repository history which presents a potential surface for indirect prompt injection; however, this risk is mitigated by instructions directing the agent to synthesize the data into a summary and a requirement for explicit user confirmation before any changes are finalized. Ingestion points:
scripts/squash.sh(git log); Boundary markers:=== COMMIT MESSAGES ===; Capability inventory:git reset,git update-ref,git commit; Sanitization: Agent synthesis and mandatory user preview.
Audit Metadata