git-topic-commit-push
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several Git commands (
git status,git diff,git log,git add,git commit,git push) to perform its primary function. These are standard operations for a version control automation tool. - [INDIRECT_PROMPT_INJECTION]: The skill reads external data from the local repository (diffs, logs, and file content) to generate commit messages. This creates a potential surface for indirect prompt injection if the repository content contains malicious instructions intended to manipulate the agent's behavior during the commit process.
- Ingestion points:
git diff,git log, and file contents read during classification. - Boundary markers: None specified for the untrusted data read from the repository.
- Capability inventory:
git commit,git add, andgit pushoperations. - Sanitization: The skill does not explicitly mention sanitizing or escaping the repository content before processing it.
- [SAFE]: The skill includes comprehensive safety instructions, such as prohibiting the use of destructive commands (
git reset --hard, force push), protecting sensitive files like.envand private keys, and requesting user confirmation for ambiguous staging scenarios.
Audit Metadata