commit-push-sync
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements a highly defensive Git workflow. It specifically instructs the AI agent to avoid committing sensitive files like
.envorcredentials.json, minimizing the risk of accidental data exposure. - [COMMAND_EXECUTION]: Git commands are used for their intended purpose. The instructions emphasize safety by forbidding destructive flags like
--no-verifyand ensuring that hooks are run. It also uses sandbox-compatible methods for multi-line commit messages usingprintfand$TMPDIRto avoid potential environment-specific execution failures. - [SAFE]: No remote code execution, obfuscation, or persistence mechanisms were found. All scripts provided are local examples and do not fetch external executable content.
Audit Metadata