git-pushing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): The smart_commit.sh script uses git add . to stage all modified and untracked files indiscriminately. This is a high-risk pattern in an agentic environment as it can lead to the accidental staging and pushing (exfiltration) of sensitive local data such as .env files, SSH keys, or API credentials that may not be covered by .gitignore.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface where malicious file content or filenames can influence the generated commit message.
      1. Ingestion points: scripts/smart_commit.sh reads untrusted data via git diff.
      2. Boundary markers: Absent.
      3. Capability inventory: git commit and git push capabilities.
      4. Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): The skill executes local git and bash commands to perform its primary function of repository management.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:31 PM