git-sync-dev-submodules
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of synchronizing Git repositories. No obfuscation, data exfiltration, or persistence mechanisms were detected.
- [COMMAND_EXECUTION]: The scripts execute Git commands (e.g.,
fetch,merge,rebase) using parameters provided via command-line flags. All shell variables are correctly double-quoted (e.g.,"$REMOTE/$DEV_BRANCH") to prevent word splitting and command injection. Additionally, the scripts use standard Git flags like--to separate paths from options. - [EXTERNAL_DOWNLOADS]: The skill performs
git fetchandgit submodule updateoperations. These are standard Git synchronization tasks and do not involve downloading or executing arbitrary remote scripts.
Audit Metadata