git-workflows

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git, gh (GitHub CLI), and npm to automate repository management, including branching, committing directly to main, and creating GitHub releases.
  • [EXTERNAL_DOWNLOADS]: Utilizes npx bumpp in the versioning workflow, which fetches and executes a package from the npm registry.
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub Actions logs, creating a potential surface for indirect prompt injection.
      • Ingestion point: references/source-commands.md (Step 2 in the GitHub workflow fix section).
      • Boundary markers: Not explicitly implemented for log content analysis.
      • Capability inventory: Includes git push and gh pr create across multiple workflow scripts.
      • Sanitization: No explicit sanitization of log content before analysis is performed.
  • [SAFE]: The instructions mandate explicit user confirmation before any external side effects (push, PR, release) are performed and include specific checks to ensure sensitive data is not committed to the repository.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 02:23 AM