python-packaging-git-audit
Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section.
| Field | Value |
|---|---|
| name | python-packaging-git-audit |
| description | Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section. |
| allowed-tools | Bash Read Grep |
Inspects the recent git history of a Python package repository for commits that modify supply-chain-sensitive files (setup.py, CI configs, .pth files, etc.) and contain suspicious patterns. Produces a self-contained "Git History Analysis" report section with triaged findings and a risk assessment.
The first line of the output file is `RISK_RATING:<value>` so the orchestrator can parse it without reading the full report.

Determine the number of commits available and scan up to the last 50:

```bash
git -C <repo-path> log -50 --format='%H'
```
From those commits, identify ones that modify supply-chain-sensitive files:

- `setup.py`, `setup.cfg`, `pyproject.toml`, `MANIFEST.in`
- `.github/workflows/*.yml`, `.gitlab-ci.yml`
- `.pth` files
- `__init__.py` files at package root

```bash
git -C <repo-path> log -50 --diff-filter=ACMR --name-only --format='COMMIT:%H|%aI|%ae' -- \
    setup.py setup.cfg pyproject.toml MANIFEST.in \
    '.github/workflows/*.yml' .gitlab-ci.yml \
    '*.pth' '*/__init__.py'
```
For each flagged commit, extract the diff and search for suspicious patterns:

- `eval(`, `exec(`, `compile(`
- `subprocess`, `os.system`, `os.popen`
- `base64`, `marshal`, `pickle`
- `socket`, `urllib`, `requests.get`, `httpx`
- `ctypes`, `cffi`
- `http://`, `https://`

```bash
git -C "<repo-path>" show --format= -m --first-parent "<commit>" -- "<file>" | \
    grep -nE 'eval\(|exec\(|compile\(|subprocess|os\.system|os\.popen|base64|marshal|pickle|socket|urllib|requests\.get|httpx|ctypes|cffi|https?://'
```
Collect per finding: commit hash, author, date, file modified, and matching patterns.
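The collection steps above as a Python script, added here as an example and not part of the skill itself: it runs the skill's two git commands, parses the `COMMIT:%H|%aI|%ae` log format, and checks diffs against the same pattern list. It goes one step further than the skill's plain grep by counting only added lines, which is what "introduced" means for a finding; `SAMPLE_LOG` and `SAMPLE_DIFF` are constructed inputs for offline use, and `audit_repo` needs a real checkout and git on PATH.

```python
import re
import subprocess

# Same regex alternation as the skill's grep step.
SUSPICIOUS_RE = re.compile(
    r"eval\(|exec\(|compile\(|subprocess|os\.system|os\.popen|base64|marshal|pickle"
    r"|socket|urllib|requests\.get|httpx|ctypes|cffi|https?://")
# Same pathspecs as the skill's git log step.
SENSITIVE_PATHSPECS = ["setup.py", "setup.cfg", "pyproject.toml", "MANIFEST.in",
                       ".github/workflows/*.yml", ".gitlab-ci.yml", "*.pth", "*/__init__.py"]
# Constructed sample of the git log output (not from a real repository).
SAMPLE_LOG = ("COMMIT:abc1234def5678|2026-03-15T10:00:00+00:00|user@example.com\n\nsetup.py\n\n"
              "COMMIT:9999999aaaaaaa|2026-03-10T09:00:00+00:00|maint@example.com\n\npyproject.toml\n")
# Constructed sample diff for the first commit; the removed line must not count.
SAMPLE_DIFF = "\n".join(["+++ b/setup.py", "@@ -1,3 +1,4 @@", " from setuptools import setup",
                         "-import os, socket", "+import subprocess, base64",
                         "+subprocess.run(base64.b64decode(BLOB), shell=True)", " setup(name='pkg')"])

def parse_log(log_output):
    """Split COMMIT:%H|%aI|%ae headers and the file names listed under each."""
    commits = []
    for line in log_output.splitlines():
        if line.startswith("COMMIT:"):
            sha, date, author = line[len("COMMIT:"):].split("|", 2)
            commits.append({"hash": sha, "date": date, "author": author, "files": []})
        elif line.strip() and commits:
            commits[-1]["files"].append(line.strip())
    return commits

def scan_diff(diff_text):
    """Distinct suspicious tokens on ADDED lines only; the skill's plain grep over
    `git show` output also matches removed and context lines, so it is noisier."""
    found = set()
    for line in diff_text.splitlines():
        if line.startswith("+") and not line.startswith("+++"):
            found.update(m.group(0) for m in SUSPICIOUS_RE.finditer(line))
    return sorted(found)

def audit_repo(repo_path, max_commits=50):
    """Run the skill's two git commands on a real checkout and return one finding
    per (commit, file) whose added lines match, in the report table's column order."""
    def git(*args):
        return subprocess.run(["git", "-C", repo_path, *args], check=True,
                              capture_output=True, text=True).stdout
    log = git("log", f"-{max_commits}", "--diff-filter=ACMR", "--name-only",
              "--format=COMMIT:%H|%aI|%ae", "--", *SENSITIVE_PATHSPECS)
    return [{"hash": c["hash"][:7], "date": c["date"][:10], "author": c["author"], "file": p, "patterns": hits}
            for c in parse_log(log) for p in c["files"]
            if (hits := scan_diff(git("show", "--format=", "-m", "--first-parent", c["hash"], "--", p)))]
```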
Review git history findings with AI reasoning. There are no deterministic rules for this phase — each finding requires contextual judgment.
For each flagged commit, consider:
Flag commits that introduced suspicious patterns into sensitive files. Assign a verdict to each:
Produce the following markdown section:
## Git History Analysis (Last 50 Commits)
**Commits touching sensitive files:** {N}
| Commit | Date | Author | File | Patterns Found |
|--------|------|--------|------|----------------|
| abc1234 | 2026-03-15 | user@example.com | setup.py | subprocess, os.system |
**AI Assessment:** {Brief narrative on whether the git history changes look normal or concerning, with reasoning}
The risk_rating for this phase is one of:
If output_file is provided, write the file with the first line as `RISK_RATING:<value>` followed by a blank line and then the markdown section above. If output_file is not provided, return the report section inline.
| Scenario | Behavior |
|---|---|
| Path is not a git repository | Report "not a git repository", risk_rating = needs_review |
| Fewer than 50 commits available | Scan all available commits, note count in report |
| No sensitive files modified in history | Report "no sensitive files found", risk_rating = no_issues |