git-topic-commit-push

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several Git commands (git status, git diff, git log, git add, git commit, git push) to perform its primary function. These are standard operations for a version control automation tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads external data from the local repository (diffs, logs, and file content) to generate commit messages. This creates a potential surface for indirect prompt injection if the repository content contains malicious instructions intended to manipulate the agent's behavior during the commit process.
  • Ingestion points: git diff, git log, and file contents read during classification.
  • Boundary markers: None specified for the untrusted data read from the repository.
  • Capability inventory: git commit, git add, and git push operations.
  • Sanitization: The skill does not explicitly mention sanitizing or escaping the repository content before processing it.
  • [SAFE]: The skill includes comprehensive safety instructions, such as prohibiting the use of destructive commands (git reset --hard, force push), protecting sensitive files like .env and private keys, and requesting user confirmation for ambiguous staging scenarios.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 04:55 AM
Security Audit — agent-trust-hub — git-topic-commit-push