Skills
skills/fradser/dotclaude/commit-and-push/Gen Agent Trust Hub

commit-and-push

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-controlled data directly into a shell command execution string.\n
  • Ingestion points: The 'intent' derived from the conversation history and the Claude model name provided via the $ARGUMENTS variable are both used to build the command line for git-agent commit.\n
  • Boundary markers: The instructions attempt to wrap the interpolated variables in double quotes (e.g., --intent "<intent>"), which provides a basic level of shell escaping.\n
  • Capability inventory: The skill is granted access to git-agent and git binaries via the allowed-tools frontmatter, and it uses these to perform commits and network-based git push operations.\n
  • Sanitization: There is no explicit sanitization or filtering of the derived intent or argument strings before they are passed to the shell, which represents a standard command injection surface for this type of tool.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 07:55 AM