git-commit-push

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a series of git commands to manage repository state.
      • Evidence: Uses git status, git diff, git log, git branch, git add, git commit, and git push to perform its primary function.
      • Security Practice: Uses a HEREDOC pattern (cat <<'EOF') for the commit message to prevent shell injection vulnerabilities when processing generated text.
  • [DATA_EXFILTRATION]: The skill pushes local data to a remote server as part of its intended function.
      • Evidence: Uses git push to synchronize changes with the 'origin' remote.
      • Security Practice: Implements a mandatory secret-scanning step that prevents staging of files that hold sensitive data, such as .env, credentials, *.key, and *.pem.
  • [PROMPT_INJECTION]: Employs defensive prompt engineering to harden the agent's behavior against manipulation.
      • Evidence: Includes instructions to ignore any user-provided arguments or flags (e.g., --force) that follow the command, ensuring the agent maintains control over the execution workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 12:48 PM