ce-commit-push-pr
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard Git and GitHub CLI commands to manage repository state and pull requests. These are legitimate uses for the skill's purpose.
- [DATA_EXFILTRATION]: The skill provides specific instructions to avoid staging sensitive files like .env, favoring explicit file lists over recursive additions. This helps prevent accidental exposure of credentials.
- [DYNAMIC_CONTEXT_INJECTION]: The skill populates context at load time using shell commands (e.g., git status, git diff). These commands are static and do not incorporate user input, making them safe for the environment.
- [INDIRECT_PROMPT_INJECTION]: The skill handles untrusted data from repository history and diffs. It mitigates potential command injection risks to the underlying shell by using quoted heredocs and temporary files when passing content to the GitHub CLI, ensuring the shell does not evaluate content generated from processed diffs.
Audit Metadata