push-gate

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed as a security enhancement tool. It performs rigorous pre-push checks to ensure no credentials or forbidden files are accidentally committed to remote repositories.
  • [COMMAND_EXECUTION]: The skill uses shell scripts (preflight.sh, scan-secrets.sh) to orchestrate Git, Gitleaks, and Ripgrep commands. These operations are restricted to auditing the repository's state and history, consistent with its primary function.
  • [EXTERNAL_DOWNLOADS]: The skill requires external security tools (gitleaks, ripgrep) to be installed on the host system. It provides clear installation instructions for various platforms but does not attempt to download or install these tools automatically, avoiding unverified remote code execution.
  • [DATA_EXFILTRATION]: While the skill performs git fetch to check for branch divergence, this is a standard and necessary network operation for Git-based workflows. No data is sent to non-whitelisted or suspicious domains.
  • [REMOTE_CODE_EXECUTION]: The orchestration script includes a conditional check to run an advisory issue scan from a related skill (github-ops) if it exists on the local filesystem. This is a local execution of a modular component and does not involve untrusted remote scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:00 PM
Security Audit — agent-trust-hub — push-gate