sync-fork
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows secure development practices for AI agents.
- [SAFE]: The skill includes explicit instructions for the agent to redact credentials from Git remote URLs (e.g., replacing 'user:token@' with '***@') before displaying them to the user, preventing sensitive data exposure.
- [SAFE]: The included helper script scripts/sync_fork.py relies exclusively on the Python standard library and does not download or execute external code. It interacts with the Git CLI using subprocess.run without a shell, which prevents command injection vulnerabilities.
- [SAFE]: All significant operations, especially destructive ones like git reset --hard or git push --force-with-lease, are designed with human-in-the-loop safeguards, requiring the agent to present a plan and obtain explicit user confirmation before proceeding.
Audit Metadata