push-gate
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed as a security enhancement tool. It performs rigorous pre-push checks to ensure no credentials or forbidden files are accidentally committed to remote repositories.
- [COMMAND_EXECUTION]: The skill uses shell scripts (
preflight.sh,scan-secrets.sh) to orchestrate Git, Gitleaks, and Ripgrep commands. These operations are restricted to auditing the repository's state and history, consistent with its primary function. - [EXTERNAL_DOWNLOADS]: The skill requires external security tools (
gitleaks,ripgrep) to be installed on the host system. It provides clear installation instructions for various platforms but does not attempt to download or install these tools automatically, avoiding unverified remote code execution. - [DATA_EXFILTRATION]: While the skill performs
git fetchto check for branch divergence, this is a standard and necessary network operation for Git-based workflows. No data is sent to non-whitelisted or suspicious domains. - [REMOTE_CODE_EXECUTION]: The orchestration script includes a conditional check to run an advisory issue scan from a related skill (
github-ops) if it exists on the local filesystem. This is a local execution of a modular component and does not involve untrusted remote scripts.
Audit Metadata