auto-commit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes local git commands (status, diff, add, commit, push) via bash. This is the primary intended purpose. It includes safeguards such as chaining commands with && for error handling and explicitly forbidding destructive operations like git reset --hard or git push --force.
  • [DATA_EXFILTRATION] (SAFE): The skill performs git push to a remote repository. This is an intended function. To prevent accidental sensitive data exposure, Rule 7 explicitly mandates skipping .env files, credentials, secrets, and API keys.
  • [PROMPT_INJECTION] (LOW): The skill is subject to Indirect Prompt Injection (Category 8) because it ingests untrusted data via git diff. Ingestion points: File contents via git diff. Boundary markers: Not implemented for input data. Capability inventory: git commit, git push. Sanitization: None. However, the risk is classified as LOW as it is inherent to git analysis tools and the skill includes rules to maintain focus on logical changes.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM