Skills
skills/dparedesi/agent-global-skills/commit-and-push/Gen Agent Trust Hub

commit-and-push

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several local git and GitHub CLI commands to gather context and perform actions, including git status, git diff, git commit, git push, and gh pr create. These are restricted to standard repository management tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local environment into the LLM context.
  • Ingestion points: Repository data is read via git status, git diff HEAD, and git log as defined in SKILL.md.
  • Boundary markers: No delimiters or instructions are provided to the agent to ignore or isolate potentially malicious instructions embedded within the codebase or diff output.
  • Capability inventory: The agent has the ability to execute git add, git commit, git push, and gh pr create, which could be abused if the agent is influenced by malicious content in the diffs.
  • Sanitization: There is no evidence of sanitization or filtering of the command outputs before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 03:29 AM