gitworkflow
Warn
Audited by Socket on May 20, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill’s Git/GitHub capabilities largely match its stated purpose and mostly use official tooling, but it has a major trust gap: a mandatory, unverifiable local `changelog` executable integrated into every commit/release flow. Combined with high-impact automated actions like PR merging, issue editing, and workflow deployment, this makes the skill high risk even without direct evidence of credential theft or malicious exfiltration.
Confidence: 88%Severity: 82%
Audit Metadata