push
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security model for Git operations by requiring explicit user approval via the AskUserQuestion tool before executing staging, committing, or pushing commands.
- [DATA_EXPOSURE]: Implements proactive security checks to identify and prevent the accidental inclusion of sensitive files such as .env, credentials.json, .secret, and cryptographic keys (*.pem, *.key) in commits.
- [COMMAND_EXECUTION]: Operates within a well-defined scope of standard Git commands necessary for its primary function, with no evidence of arbitrary or unauthorized command execution.
- [PROMPT_INJECTION]: The skill processes untrusted file content (Ingestion points: local repository files via git diff). It lacks explicit boundary markers for this data. Its capability inventory includes git add, git commit, and git push. While no explicit sanitization is present, the mandatory user approval step effectively mitigates the risk of indirect prompt injection.
Audit Metadata