git-hooks-automation
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell commands to configure local Git hooks, manage file permissions (chmod +x), and execute development tools like npm, npx, and pip. This is consistent with the stated purpose of automating Git workflows.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install well-known development packages such as 'husky', 'lint-staged', and 'pre-commit' from official package registries (npm, PyPI).
- [EXTERNAL_DOWNLOADS]: The 'pre-commit' configuration references several reputable, community-maintained repositories on GitHub (e.g., pre-commit/pre-commit-hooks, psf/black, astral-sh/ruff-pre-commit) to fetch hook logic. This is standard practice for the tool.
- [SAFE]: The 'Portable Pre-Commit Hook' example includes a defensive check that uses regular expressions to detect and block commits containing sensitive information, such as AWS access keys, GitHub tokens, and hardcoded passwords.
- [SAFE]: The instructions promote the use of framework-managed hooks over manual .git/hooks manipulation to ensure configuration is version-controlled and shared securely across development teams.
Audit Metadata