resolve-conflicts
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard Git commands and developer tools (e.g.,
git status,git add,cargo update,npm install,cargo test) to perform its primary function of conflict resolution and validation. These are used according to their intended purposes within a development environment. - [EXTERNAL_DOWNLOADS]: To resolve conflicts in lock files, the skill instructs the agent to run official package managers like
npm,yarn, andcargo. These tools fetch dependencies from well-known, official registries, which is the standard and safe method for maintaining project integrity during a merge. - [PROMPT_INJECTION]: As the skill is designed to process and merge arbitrary code and text files, it has a surface for indirect prompt injection (Category 8) if a conflicted file contains malicious instructions. However, the risk is mitigated by the mandatory 'Plan Before Executing' step, which requires the agent to present a resolution strategy for human approval before making changes.
- [SAFE]: The included shell scripts (
handle-deleted-modified.shandvalidate-conflicts.sh) are utility scripts that automate repository checks and local backups. They do not perform network exfiltration or unauthorized privilege escalation.
Audit Metadata