sc-push
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted git metadata which serves as an indirect prompt injection surface.
  - Ingestion points: Git metadata is read via `git branch`, `git status`, and `git remote` as described in `SKILL.md`.
  - Boundary markers: The skill lacks delimiters or explicit instructions to ignore embedded instructions when interpolating these values into shell templates.
  - Capability inventory: The skill utilizes `bash` to execute sensitive git operations including branch creation, deletion, and force-pushing.
  - Sanitization: No evidence of input validation or shell escaping for branch names, remote names, or file paths is present in the workflow.
- [COMMAND_EXECUTION]: The skill dynamically generates and executes bash commands for complex git workflows.
  - Evidence: `SKILL.md` defines command templates such as `git push <remote> tmp-push-<remote>-$$:<branch> --force` that are populated at runtime with variables derived from the local environment.
Audit Metadata