commit-push-pr
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements a standard Git workflow without any malicious patterns. It includes clear warnings to prevent the accidental inclusion of sensitive data in repositories.
- [COMMAND_EXECUTION]: The skill utilizes legitimate, well-known CLI tools (git and gh) to perform repository management tasks. This is consistent with its stated purpose and relies on the user's existing environment and permissions.
- [DATA_EXFILTRATION]: While the skill involves network operations (pushing code and creating PRs), these actions are directed to the repository's configured remote (e.g., GitHub). The explicit instruction to check for and exclude .env or credential files effectively addresses the risk of accidental data exposure.
Audit Metadata