git-spice
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODE
Full Analysis
- [SAFE]: The skill acts as a documentation and command guide for the git-spice CLI tool, a legitimate utility for Git branch management.
- [COMMAND_EXECUTION]: Tool execution is limited to git and gs commands via Bash, which is consistent with the stated purpose of managing code repositories and branch stacks.
- [CREDENTIALS_UNSAFE]: The skill refers to standard authentication procedures (gs auth login) for accessing GitHub or GitLab, which are standard operations for this tool category and show no sign of credential harvesting or exfiltration.
- [NO_CODE]: No external scripts, binaries, or encoded payloads are included in the skill files; the skill is entirely instructional.
- [SAFE]: Metadata inconsistencies in the repository path field do not pose a security risk and appear to be artifactual rather than deceptive metadata poisoning.
Audit Metadata