commit
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill's behavior is consistent with its stated purpose of facilitating development traceability.
- [COMMAND_EXECUTION]: The skill executes local git commands and standard shell utilities. It employs secure command construction by using quoted heredocs ('EOF') to ensure that content from plan files or user descriptions cannot trigger arbitrary command execution during the commit process.
- [DATA_EXFILTRATION]: Analysis confirmed that while the skill reads local files from the ~/.claude/plans/ directory, this data is only used to populate git commit metadata within the local repository. No network requests or data transmissions to external domains were detected.
Audit Metadata