git-commit-push
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard Git commands like status, diff, add, commit, and push for their intended purposes. No suspicious command patterns or privilege escalation attempts were detected.
- [DATA_EXFILTRATION] (SAFE): Although the skill performs network operations via git push, this is the primary purpose of the skill. The instructions include a safety protocol that explicitly warns against committing secrets or credentials, mitigating the risk of data exfiltration.
- [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface because it processes untrusted file data via git diff to generate commit messages. 1. Ingestion points: The output of git diff and git status commands. 2. Boundary markers: None specified to separate code changes from instructions. 3. Capability inventory: The skill has the capability to execute git commands and push data to remote origins. 4. Sanitization: No sanitization or validation of the diff content is performed before the agent processes it.
Audit Metadata