skills/paulund/ai/dev-commit-push-pr/Gen Agent Trust Hub

dev-commit-push-pr

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes common developer tools including Git, npm, Composer, and the GitHub CLI (gh). These commands are used according to their intended purpose for branch management, testing, and pull request generation.
  • [DYNAMIC_EXECUTION]: The skill invokes local project test suites using 'npm test' and 'composer run test'. While this executes code from the local repository, it is a standard and expected behavior for a development automation tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads external data from the local repository that could contain malicious instructions.
    • Ingestion points: The agent reads file content and project state via 'git status' and 'git diff HEAD'.
    • Boundary markers: Absent. The instructions do not specify delimiters to separate repository content from the agent's core instructions.
    • Capability inventory: The agent has the ability to execute shell commands, modify files, and perform network operations through Git and the GitHub CLI.
    • Sanitization: Absent. The agent is instructed to fix root causes found during testing, which involves direct interpretation and modification of project files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 04:14 PM