Skills
skills/giikin/skills/git-auto-commit-push/Gen Agent Trust Hub

git-auto-commit-push

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a series of shell-based Git commands including git status, git add, git commit, git pull, and git push to manage repository state.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use required_permissions: ["all"] for all operations. This is a high-privilege request designed to ensure access to Git credentials but grants broad system access.
  • [DATA_EXFILTRATION]: The git push command is used to transmit local repository data and commit history to remote servers, which constitutes a network-based data transfer.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the repository.
  • Ingestion points: Reads output from git status, git diff, and git log into the agent's context.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded content within the Git output.
  • Capability inventory: Includes the ability to perform shell execution (git commands) and network operations (git push).
  • Sanitization: Absent; the skill does not specify any sanitization or validation of file names or diff content before using them to generate commit messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 02:23 AM