git-commit-push-pr
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for standard version control operations (git) and pull request management (gh). It employs quoted HEREDOCs (`<<'EOF'`) when embedding model-generated text into shell commands, which is an effective security measure against command injection from potentially malicious repository content.
- [DATA_EXFILTRATION]: The skill includes a proactive rule to identify and exclude sensitive files such as `.env` or credentials from being committed, addressing common data exposure risks in development workflows.
- [PROMPT_INJECTION]: The design minimizes the risk of indirect prompt injection by using `AskUserQuestion` for all critical decision points, ensuring a human-in-the-loop for branch selection and PR targets. The potential for malicious content in diffs or logs to influence the agent is addressed through clear task delimitation and safe shell escaping.
Audit Metadata