git-os
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to perform 'git' operations and 'npx commitlint' checks. These commands are integral to the stated purpose of managing a Git workflow and are restricted to appropriate use cases.
- [EXTERNAL_DOWNLOADS]: The skill uses 'npx --no-install' for commit linting, which ensures that the execution is limited to locally installed packages and prevents the automated download of untrusted external code.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection via user-controlled data in Git commits and PRs. Ingestion points: PR titles, descriptions, and commit history. Boundary markers: None present. Capability inventory: 'Bash' access for Git commands in SKILL.md. Sanitization: The skill enforces a strict conventional commit format which provides a layer of structural validation for incoming text.
Audit Metadata