pre-push

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for code validation, such as npm run lint, npm test, cargo build, and go test. These commands are consistent with the skill's primary purpose of running pre-push checks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through local project configuration files.
    • Ingestion points: Reads data from package.json, pyproject.toml, Cargo.toml, and go.mod files.
    • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore malicious embedded content in these files.
    • Capability inventory: Possesses significant capabilities to execute shell commands across several runtimes (Node.js, Python, Rust, Go).
    • Sanitization: Absent. Commands and scripts extracted from configuration files are executed without sanitization or validation.
  • [EXTERNAL_DOWNLOADS]: The use of npx and package manager commands may trigger downloads of missing dependencies from official registries like npmjs.com. These are standard developer operations and target well-known repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:41 AM