finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local development tools including `git` for version control, `gh` for GitHub interactions, and language-specific test runners like `npm`, `cargo`, `pytest`, or `go`. These are necessary for the skill's primary function of automating branch completion.
- [DATA_EXPOSURE]: It accesses local repository metadata, such as branch names and commit history, to populate Pull Request templates. This data is handled locally or sent to the configured remote repository (e.g., GitHub) as part of the intended workflow.
- [SAFE]: The skill implements significant safety controls, including a 'Verify Tests' gate that prevents merging failing code and a mandatory manual confirmation step ('discard') before performing destructive operations like branch deletion.
- [SAFE]: Pull Request body generation uses a shell heredoc with quoted delimiters (`'EOF'`), which prevents shell expansion or command injection from the content of the commit messages being processed.
Audit Metadata