Trust Assessment
git-pushing received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via User-Provided Commit Message, Potential Data Exfiltration via `git add .` and `git push`, Broad File Staging with `git add .`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via User-Provided Commit Message The `smart_commit.sh` script directly uses the first argument (`$1`) as the commit message in `git commit -m "$MESSAGE"`. If the LLM passes unsanitized user input to this argument, a malicious user could craft a commit message containing shell metacharacters (e.g., `"; evil_command #"`) to execute arbitrary commands on the host system. The double quotes around `$MESSAGE` do not prevent this type of injection if the input itself contains a shell command separator. Sanitize the input `$1` to remove or escape shell metacharacters before passing it to the script, or ensure the LLM never passes arbitrary user input directly. A safer approach would be to use `git commit --file=-` and pipe the message to stdin, which avoids shell interpretation of the message content. | LLM | scripts/smart_commit.sh:10 | |
| HIGH | Potential Data Exfiltration via `git add .` and `git push` The skill uses `git add .` to stage all changes in the current directory and its subdirectories, followed by `git push` to send them to the remote repository. While this is the intended functionality, it grants the skill broad access to local files. If the LLM is prompted to use this skill in a repository containing sensitive data not intended for public sharing, or if unintended changes are present, this could lead to the exfiltration of sensitive information to a remote server. Implement stricter control over which files are staged (e.g., `git add -u` for tracked files only, or explicit file paths). Ensure the LLM is trained to only invoke this skill in appropriate contexts and to confirm changes before pushing, especially in sensitive environments. Consider adding a confirmation step before `git push`. | LLM | scripts/smart_commit.sh:13 | |
| MEDIUM | Broad File Staging with `git add .` The script uses `git add .` which stages all new, modified, and deleted files in the current directory and its subdirectories. This grants the skill broad permissions to interact with the filesystem. While necessary for its intended purpose, it increases the risk of accidentally staging and committing sensitive files that were not meant to be part of the commit, especially if the `.gitignore` is incomplete or the skill is invoked in an unexpected directory. Consider using more granular `git add` commands (e.g., `git add -u` to only stage changes to already tracked files, or requiring explicit file paths). Ensure the LLM is aware of the implications of `git add .` and uses it judiciously. | LLM | scripts/smart_commit.sh:7 |
Scan History
Embed Code
[](https://skillshield.io/report/7f63a9472ee7f2bd)
Powered by SkillShield