git-pushing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The `scripts/smart_commit.sh` script uses `git add .` to stage all changes in the current directory, followed by `git push` to upload them to a remote repository. This approach can inadvertently stage and exfiltrate sensitive files or configuration data.
- [DATA_EXFILTRATION]: Evidence of data ingestion: the script reads the local filesystem via `git status`. Evidence of capability: the script performs network operations via `git push`. Although a check for sensitive patterns (`.env`, `.key`, `token`, etc.) is implemented, it only provides a console warning and proceeds automatically after a 10-second timeout (`read -t 10`). This auto-continuation behavior poses a risk in automated agent environments where warnings might be ignored.
- [COMMAND_EXECUTION]: The skill executes a bash script that accepts a commit message as an argument. If the agent populates this message using untrusted or unvalidated external data, it could potentially lead to shell argument injection during the invocation of the script.
Audit Metadata