git-pushing

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bash script scripts/smart_commit.sh to run Git commands.
  • [DATA_EXFILTRATION]: The script scripts/smart_commit.sh performs git add . followed by git push. This can lead to the accidental upload of sensitive files (like .env or credentials) to a remote repository if they are not explicitly ignored.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via user-supplied commit messages:
      • Ingestion points: The MESSAGE variable in scripts/smart_commit.sh accepts untrusted user input.
      • Boundary markers: None are present to delimit the commit message from instructions.
      • Capability inventory: The script executes git commit and git push, which can affect remote repositories and CI/CD pipelines.
      • Sanitization: There is no validation or escaping of the user-provided message before it is passed to the shell command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:14 AM