git-pushing
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script
scripts/smart_commit.shusesgit add .followed bygit push. This pattern is inherently risky as it indiscriminately stages and uploads all files in the workspace to a remote repository. If the workspace contains sensitive files such as.env, private keys, or credentials that are not covered by a.gitignorefile, they will be exposed to the remote server. - [COMMAND_EXECUTION]: The skill executes a local shell script
scripts/smart_commit.shwhich performs file system modifications (git add,git commit) and network operations (git push). - [PROMPT_INJECTION]: The instructions in
SKILL.mdcommand the agent to 'ALWAYS use the script' and 'do NOT use manual git commands'. This directive discourages the agent from following safer best practices, such as granular staging or reviewing changes before pushing, effectively suppressing the agent's autonomous safety checks. - [COMMAND_EXECUTION]: The script
scripts/smart_commit.shtakes a user-supplied or agent-generated commit message and interpolates it directly into a shell command:git commit -m "$MESSAGE". While double-quoted, this provides a surface for indirect prompt injection or shell metacharacter issues depending on how the agent processes the input string.
Audit Metadata