gitworkflow

Warn

Audited by Socket on May 20, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s Git/GitHub capabilities largely match its stated purpose and mostly use official tooling, but it has a major trust gap: a mandatory, unverifiable local `changelog` executable integrated into every commit/release flow. Combined with high-impact automated actions like PR merging, issue editing, and workflow deployment, this makes the skill high risk even without direct evidence of credential theft or malicious exfiltration.

Confidence: 88%Severity: 82%
Audit Metadata
Analyzed At
May 20, 2026, 08:40 PM
Package URL
pkg:socket/skills-sh/AojdevStudio%2Fagentic-utilities%2Fgitworkflow%2F@177cc593e6b5e2d335378c315ea2647999ae7729