review-and-ship
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or hardcoded credentials were detected. The skill uses standard Git commands to perform its stated functions.
- [DYNAMIC_EXECUTION]: The workflow instructs the agent to run or update tests based on code changes.
  - Evidence: Step 2 of the workflow requires running tests on the local codebase.
  - Context: This is an expected behavior for a developer-oriented skill and does not pose a security risk in this context.
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes code diffs which could potentially contain malicious instructions.
  - Ingestion points: The agent reads the output of `git diff` to identify behavior-impacting risks.
  - Boundary markers: No specific delimiters are used to isolate untrusted code content from instructions.
  - Capability inventory: The agent has the authority to commit code, push to remote branches, and manage pull requests.
  - Sanitization: No explicit sanitization or filtering of the diff content is mentioned.
  - Context: The skill includes guardrails to prioritize security and correctness, mitigating the risk of accidental execution of embedded instructions.
Audit Metadata