push
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use git for repository management and various package managers (npm, pnpm, yarn, bun) to run quality gate scripts like linting and testing.\n- [DATA_EXFILTRATION]: The skill maintains a local audit trail by appending push activity data to a file at
~/.uds/push-history.jsonl. No unauthorized external data transmission was detected.\n- [PROMPT_INJECTION]: The skill processes repository metadata such as branch names and commit logs. This presents a standard architectural surface for indirect prompt injection common to developer tools.\n - Ingestion points: Reads data via
git rev-parseandgit logto determine branch status and history.\n - Boundary markers: The instructions focus on structured workflow steps and do not explicitly define data/instruction delimiters for the git output.\n
- Capability inventory: Accesses git commands, package manager scripts, and local file writing capabilities.\n
- Sanitization: The skill processes standard repository metadata without specific instructions for input validation or sanitization.
Audit Metadata