git-pushing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a local script
smart_commit.shusingbash. It accepts user-controlled strings as commit messages (e.g.,bash skills/git-pushing/scripts/smart_commit.sh "feat: add feature"). If the internal script uses these arguments unsafely in a shell environment, it allows for arbitrary command execution.\n- [DATA_EXFILTRATION] (MEDIUM): The skill's core functionality is to push local code to a remote repository. While legitimate, this capability can be abused by a malicious agent or through prompt injection to exfiltrate the entire codebase to an attacker-controlled remote branch.\n- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates a high-risk attack surface by connecting untrusted user input directly to a shell execution environment.\n - Ingestion points: Commit messages provided by the user or generated from code analysis.\n
- Boundary markers: Absent. No instructions are provided to the agent to sanitize or escape the commit message before passing it to the bash script.\n
- Capability inventory:
bashexecution (smart_commit.sh) and network access (git push).\n - Sanitization: Not evident. The workflow suggests direct interpolation of the message string into the bash command.
Recommendations
- AI detected serious security threats
Audit Metadata