commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard Git commands (git status, git add, git commit, git push) and project-specific linters (cargo fmt, npm run lint, ruff check). These operations are consistent with the skill's stated purpose of managing commits and validating code quality.
- [REMOTE_CODE_EXECUTION]: The skill invokes a local Python script (scripts/validate.py) to run validation tools. This script uses subprocess.run with hardcoded command lists, which prevents command injection from external input. No remote script downloading or execution was found.
- [DATA_EXFILTRATION]: While the skill can push code to remote repositories using git push, this action is explicitly gated by user request/intent and is a standard part of the Git workflow.
- [SAFE]: The skill implements best practices such as conventional commit formatting, logical change grouping, and automatic exclusion of temporary or sensitive files (e.g., .log, node_modules/, build/) from being staged.