git-pushing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill relies on the execution of an external bash script (`smart_commit.sh`) which is not provided for analysis.
  - Evidence: The workflow explicitly directs the agent to run `bash skills/git-pushing/scripts/smart_commit.sh`.
  - Risk: Without the script content, it is impossible to verify if it contains malicious commands or handles arguments safely.
- [PROMPT_INJECTION] (HIGH): The skill accepts a user-provided commit message as a command-line argument to a shell script, which is a classic shell injection vector.
  - Evidence: `bash skills/git-pushing/scripts/smart_commit.sh "feat: add feature"`.
  - Risk: If the commit message is interpolated into a shell command within the script (e.g., `git commit -m "$1"`), an attacker could provide a message like `"; rm -rf /; #"` to execute arbitrary commands on the host system.
- [DATA_EXFILTRATION] (MEDIUM): The skill's core purpose is to transmit local data to a remote repository.
  - Evidence: The description states the skill will "push git changes" and "push to remote branch."
  - Risk: While this is functional behavior, it can be abused to exfiltrate sensitive files if they are added to the git index, making the skill a powerful tool for an attacker who has achieved indirect control over the agent.
Recommendations
- AI detected serious security threats
Audit Metadata