managing-commits

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill performs legitimate repository management tasks as described in its documentation.
  • [COMMAND_EXECUTION]: The Python scripts in the scripts/ directory utilize the subprocess module to interact with git and the GitHub CLI (gh). These commands are executed securely using argument lists rather than shell strings, effectively preventing command injection. The scope of execution is restricted to standard Git and GitHub operations.
  • [DATA_EXFILTRATION]: While the skill interacts with GitHub APIs to sync issue data, these operations are performed through the official GitHub CLI tool. All retrieved data is stored locally in the .claude/ directory for contextual awareness, and no data is transmitted to unauthorized or unknown external domains.
  • [REMOTE_CODE_EXECUTION]: The skill does not contain any patterns for downloading or executing remote code. All logic is contained within the provided Python scripts, and no external dependencies are fetched at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 09:58 AM