merge
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior is consistent with its stated purpose of Git branch management.
- [COMMAND_EXECUTION]: The skill executes Git commands (checkout, merge, tag, branch) and a local Python script (
session_manager.py) to manage repository state. These commands are localized to the repository and do not interact with untrusted remote resources. - [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection where session data and task descriptions are interpolated into Git history and summary files.
- Ingestion points: Variables such as
{task}and{winner}are interpolated into commit messages and markdown files inSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the templates.
- Capability inventory: Executes Git binary and local Python scripts (documented in
SKILL.md). - Sanitization: No explicit validation or escaping of the task description or agent names is performed before interpolation.
Audit Metadata