pre-push-review
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands including status, diff, and ls-files to inspect the working tree and pending changes.
- [COMMAND_EXECUTION]: It identifies and runs verification scripts (test, lint, typecheck) found within the project's source code and configuration files.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because its execution workflow depends on instructions extracted from external project files.
  - Ingestion points: Extracts verification commands from 'pyproject.toml', 'package.json', 'README.md', and CI configuration files.
  - Boundary markers: No protective delimiters or explicit instructions to ignore embedded malicious content are present.
  - Capability inventory: Subprocess execution of arbitrary project-defined scripts.
  - Sanitization: No validation or escaping is applied to the command strings derived from project metadata and documentation.