skills/onsager-ai/dev-skills/pre-push/Gen Agent Trust Hub

pre-push

Warn

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several local shell commands for Git operations, including git fetch, git merge, git status, git diff, git add, git commit, git log, and git push.
  • [COMMAND_EXECUTION]: The skill relies on 'dynamic execution' by instructing the agent to find and run a 'check gate' command (e.g., just check or cargo build) specified in the repository's CLAUDE.md file or an external <repo>-dev-process skill. This pattern allows the execution of arbitrary shell commands defined in external files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests instructions from potentially untrusted project files like CLAUDE.md to determine its execution logic.
      • Ingestion points: The agent is instructed to read CLAUDE.md and refer to the instructions in <repo>-dev-process.
      • Boundary markers: There are no delimiters or warnings used when reading these external files to prevent the agent from following malicious instructions embedded within them.
      • Capability inventory: The skill has the capability to execute arbitrary shell commands and interact with GitHub issues via MCP tools.
      • Sanitization: No sanitization or validation of the commands retrieved from CLAUDE.md is performed before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 10:41 PM