chezmoi-sync

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands using the Bash tool to run chezmoi and git. These commands are used to detect file changes, add files to the source repository, and commit/push changes.
  • [DATA_EXFILTRATION]: The skill facilitates the transfer of local configuration files (dotfiles) to a remote git repository. This is the core functionality of the skill and uses the user's pre-configured repository settings in chezmoi.
  • [PROMPT_INJECTION]: Ingests local file content through chezmoi diff and chezmoi status. This creates an indirect prompt injection surface where malicious file content could attempt to influence the agent's behavior. However, the skill incorporates AskUserQuestion as a boundary marker, requiring human oversight before executing sync or git operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:06 AM