pre-commit-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): Utilizes standard developer commands such as
npm run,git status, andgit diffto validate the project state. These actions are aligned with the skill's primary purpose. - [CREDENTIALS_UNSAFE] (SAFE): Contains specific logic to search for and prevent the accidental commit of API keys, tokens, or secrets using grep patterns.
- [EXTERNAL_DOWNLOADS] (SAFE): Includes
npm installfor dependency management. While this triggers external downloads, it is expected behavior for local development toolchains. - [PROMPT_INJECTION] (LOW): The skill ingests untrusted data from local file diffs and filenames. Evidence: (1) Ingestion points:
git diff,git status(2) Boundary markers: Absent (3) Capability inventory:Bash(npm, git, grep) (4) Sanitization: Absent. This surface is inherent to code analysis tools and represents a low risk.
Audit Metadata