git-pushing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes a local bash script (scripts/smart_commit.sh) to execute Git commands (git add, git commit, git push). This is the primary and intended function of the skill and follows standard developer practices.
- [DATA_EXFILTRATION] (SAFE): By design, the skill pushes local repository changes to a remote server (origin). This behavior is explicitly disclosed in the description and is triggered by the user's intent to save or share their work.
- [INDIRECT_PROMPT_INJECTION] (LOW): The script parses file names and diff content using grep to suggest commit types (e.g., 'feat', 'fix', 'docs').
  - Ingestion points: Staged file content and metadata via git diff --cached.
  - Boundary markers: None; the script processes raw diff output.
  - Capability inventory: git push, git commit, and local shell execution.
  - Sanitization: The script uses the analyzed content to build a string for the commit message. While an attacker could influence the generated message by placing specific keywords in files, this does not grant unauthorized access or execute arbitrary commands.
- [REMOTE_CODE_EXECUTION] (SAFE): No external scripts or packages are downloaded or executed. All operations are local to the git repository.
Audit Metadata