oma-scm
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive instructions for Git operations while prioritizing repository integrity and security. It avoids risky global commands and enforces project-specific rules via configuration files.
- [COMMAND_EXECUTION]: The skill utilizes standard Git CLI commands (e.g., `git status`, `git add`, `git commit`) and basic Unix utilities (e.g., `sort`, `uniq`, `head`, `rg`) to perform configuration management tasks and analyze repository metadata. These operations are limited to the repository scope.
- [CREDENTIALS_UNSAFE]: The skill implements proactive security measures to prevent credential leakage. It includes a specific list of forbidden file patterns (e.g., `*.env`, `*.pem`, `*.key`, `credentials.json`) in `config/commit-config.yaml` and explicitly instructs the agent to stop if secrets are detected or suspected during the staging process.
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were found. The skill includes an indirect prompt injection surface as it reads external data (repository history and files), but this is mitigated by instructions requiring explicit user approval for broad staging and shared-history rewrites.
Audit Metadata