Skills
skills/giikin/skills/git-auto-commit-push/Gen Agent Trust Hub

git-auto-commit-push

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to include .env and .env.* files in git commits and pushes by default. These files are standard locations for sensitive information such as API keys, database credentials, and private tokens. Committing them to version control, especially remote repositories, is a major security risk.
  • [PROMPT_INJECTION]: The instructions use language designed to override the agent's built-in safety filters and standard behaviors. Specifically, it claims a "higher right of interpretation" regarding user authorization and explicitly tells the agent to ignore "universal default behaviors" or "habits" that would normally prevent the pushing of sensitive files or the execution of potentially dangerous commands.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands with broad privileges (required_permissions: ["all"]) to perform git operations, including git push and git pull --rebase. While necessary for the skill's function, this combined with the instruction to include sensitive files increases the risk of accidental or malicious data exposure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 09:36 AM