Gitrama — Git History Intelligence
Pass
Audited by ClawScan on Feb 24, 2026.
Overview
The skill's requirements and instructions are internally consistent with a Git-history AI CLI: it needs git and pip, installs via PyPI, and sends gathered repo context to api.gitrama.ai. The main risk is sensitive repository data being transmitted to an external service, which the skill explicitly does.
This skill appears to do what it says: a CLI that collects git history locally and sends it to api.gitrama.ai for analysis. Before installing or using it, consider: (1) Privacy: repository commits, diffs, and file trees (possibly containing secrets) will be sent to an external server; do not run this against repos that contain secrets or sensitive IP unless you accept that risk. (2) Verify the PyPI package and publisher identity (check pypi.org owner, release history) before pip installing. (3) Test on a non-sensitive repository first to confirm exactly what data is transmitted. (4) Review Gitrama's privacy/security policy on gitrama.ai and confirm the TLS endpoint (https://api.gitrama.ai) is what you expect. (5) If you need on-device processing, look for alternatives that run locally. These precautions will reduce data-exfiltration and supply-chain risk.
