finalize-and-commit

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard development and version control commands (git, npm/yarn tests, linters) to verify code integrity. These actions are consistent with the skill's primary purpose of finalizing production-ready code.
  • [DATA_EXFILTRATION]: Gate 3 explicitly includes a security review to ensure no PII (Personally Identifiable Information) or secrets are exposed in the code changes before they are committed.
  • [SAFE]: The skill implements a 'Working Set Validation' gate that isolates current session changes and prevents the agent from modifying or staging files outside the intended scope. It specifically forbids the use of recursive staging commands like 'git add .' to ensure only reviewed files are committed.
  • [SAFE]: A human-in-the-loop checkpoint is required in Step 0-5, where the agent must present the list of files to the user and receive confirmation before proceeding with any staging or commits.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 06:06 AM