workflow
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and provides a framework for planning and implementing code changes. It does not contain executable scripts, subprocess calls, or network operations.
- [SAFE]: It promotes security awareness by explicitly instructing the user to avoid 'git add .' or 'git add -A' to prevent the accidental exposure of sensitive files like .env or credentials.
- [SAFE]: The skill defines input sanitization expectations (rejecting null bytes) for commit messages and plan content, which is a positive security practice.
Audit Metadata