ln-003-push-all
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically discovers and executes shell commands for linting by reading local project files such as docs/project/runbook.md, CLAUDE.md, and README.md. An attacker could exploit this by placing malicious commands in these files to achieve local execution.
- [DATA_EXFILTRATION]: The instruction to run 'git add -A' followed by 'git push' stages all untracked files in the directory. If sensitive files (such as .env or SSH keys) are present and not excluded by .gitignore, they may be unintentionally pushed to a remote repository.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. (1) Ingestion points: docs/project/runbook.md, CLAUDE.md, README.md, CHANGELOG.md. (2) Boundary markers: Absent. (3) Capability inventory: git commands and subprocess execution of linter commands. (4) Sanitization: Absent. Instructions found in these files could influence agent behavior during the commit and push workflow.
Audit Metadata