commit-and-pr
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard version control commands (
git) and the GitHub CLI (gh). These operations are necessary for the skill's intended purpose and do not show signs of malicious intent. - [DATA_EXFILTRATION] (SAFE): There is an explicit instruction to avoid staging sensitive information such as
.envfiles and credentials, mitigating the risk of accidental data exposure during the push process. - [PROMPT_INJECTION] (LOW): Like any tool that reads and summarizes codebase changes, it is theoretically susceptible to indirect prompt injection if the code diff contains malicious instructions aimed at the LLM. However, the script construction uses quoted heredocs, which is a robust defense against shell-level injection.
Audit Metadata