skills/lijigang/ljg-skills/ljg-push/Gen Agent Trust Hub

ljg-push

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bash script (Push.sh) that utilizes standard system utilities including git, rsync, sed, grep, and find to manage and synchronize files within the user's home directory.- [EXTERNAL_DOWNLOADS]: The script automatically clones a specific repository from GitHub (github.com/lijigang/ljg-skills) if it is missing from the local workspace.- [DATA_EXFILTRATION]: While the skill pushes local files to GitHub, this is its documented primary purpose. The scope is restricted to directories prefixed with 'ljg-' within the local skills folder, and the destination is the author's own repository.- [SAFE]: Uses a local network request to 'http://localhost:31337/notify' for status notifications, which is a common pattern for local developer tools and does not involve external data transmission.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 09:43 AM
Security Audit — agent-trust-hub — ljg-push