git-commit-push
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard git CLI commands including
git status,git add,git commit, andgit push. It also references a local project scriptnpm run cache:purge. All commands are consistent with the skill's stated purpose of automating version control workflows. - [DATA_EXFILTRATION]: While the skill involves a network operation (
git push), this is the core intended function of the tool and targets the user's own configured remote repositories. - [PROMPT_INJECTION]: No patterns of direct prompt injection, system prompt extraction, or safety filter bypass were detected in the instructions or metadata.
- [INDIRECT_PROMPT_INJECTION]: The skill presents a surface for indirect injection as it analyzes untrusted data (git diffs and file changes) to generate commit messages. However, this is inherent to the use case.
- Ingestion points: The skill analyzes output from
git statusand file changes during the commit message generation phase. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used in the prompt templates.
- Capability inventory: The skill has access to execute
git commit,git push, andnpm run cache:purgevia the agent's shell capability. - Sanitization: No specific sanitization or filtering of the analyzed file content is described.
Audit Metadata