ce-commit-push-pr

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs repository operations using git and gh (GitHub CLI). It implements security best practices by using quoted heredocs ('EOF' and '__CE_PR_BODY_END__') when creating commit messages and PR bodies. This technique ensures that data processed by the agent is treated as literal text and cannot be executed as shell commands.
  • [DATA_EXFILTRATION]: The skill interacts with the GitHub API to manage pull requests. It includes specific defensive instructions to avoid using git add . or git add -A, which prevents the accidental staging and transmission of sensitive local files like .env, build artifacts, or credentials to remote repositories.
  • [EXTERNAL_DOWNLOADS]: The skill references assets from well-known services, specifically img.shields.io for status badges and github.com for repository links. These are standard, low-risk integrations for developer-oriented tools.
  • [SAFE]: No malicious patterns such as prompt injection, obfuscation, or persistence mechanisms were detected. The skill's logic focuses on legitimate developer productivity and includes proactive measures to maintain environment security.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 07:41 AM
Security Audit — agent-trust-hub — ce-commit-push-pr