git-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes standard system utilities including
git,jq,sed,grep, andfindto manage the lifecycle of the configuration repository. These operations are restricted to the user's home directory (~/.claudeand~/.claude-worktrees). - CREDENTIALS_UNSAFE (SAFE): The inclusion of
scripts/secret-scanner.shprovides a proactive security measure that scans staged files for API keys, AWS tokens, and passwords before a commit is finalized, effectively preventing local credential exposure. - DATA_EXFILTRATION (SAFE): While
session-commit.shperforms agit push origin main, this is a primary function of the orchestrator intended for private repo management. The risk of unintended data leak is mitigated by the secret scanner and a detailed.gitignorethat excludes sensitive file patterns (e.g.,*.pem,*.key,credentials/). - EXTERNAL_DOWNLOADS (SAFE): The skill does not perform any remote script downloads or unverified package installations. It relies on tools assumed to be present in the local environment (
git,jq,bv,bd).
Audit Metadata