pr-commiter

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is implemented with a strong focus on security and reliability for version control operations.
  • [COMMAND_EXECUTION]: Shell commands involving variable input, such as file paths and commit messages, are properly handled. The script uses bash arrays and explicit quoting to prevent word splitting and globbing issues. Furthermore, it employs the -- separator in git commands to ensure that user-provided strings are strictly interpreted as paths, mitigating argument injection risks.
  • [DATA_EXPOSURE]: The script includes path normalization and validation logic. It ensures that all file operations are confined within the repository's root directory and explicitly forbids directory traversal characters like "..".
  • [EXTERNAL_DOWNLOADS]: No external code, scripts, or dependencies are fetched from the internet. The tool relies exclusively on local binaries (git, gh, python3) and repository-local configuration.
  • [PROMPT_INJECTION]: The instructions provided in SKILL.md are clear and instructional. They define a strict operational workflow for the agent without attempting to bypass safety filters or override system-level constraints.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 22, 2026, 10:24 PM