git-commit-pr

Warn

Audited by Socket on Apr 27, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core Git/GitHub workflow is legitimate and uses official tools, but the skill includes two materially inconsistent behaviors: hard-coded author impersonation and explicit instructions to conceal AI involvement in public artifacts. There is no clear exfiltration or malware behavior, but the identity and stealth directives make the skill unsafe for trustworthy use.

Confidence: 92%Severity: 68%
Audit Metadata
Analyzed At
Apr 27, 2026, 07:57 AM
Package URL
pkg:socket/skills-sh/zc277584121%2Fmygitplugin%2Fgit-commit-pr%2F@f2d56fa6492e71c91034eb9ace8148ed4375a047
Security Audit — socket — git-commit-pr