Skills
skills/brave/brave-core/clean-branches/Gen Agent Trust Hub

clean-branches

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through branch names or GitHub PR metadata.
  • Ingestion points: The agent reads local branch names using git branch and pull request details (titles, URLs) using the gh pr list command in SKILL.md.
  • Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore potential instructions embedded within branch names or PR titles.
  • Capability inventory: The skill executes shell commands including git branch -D for branch deletion based on the categorized data.
  • Sanitization: There is no evidence of sanitization or validation of the branch names or PR titles before they are displayed to the user or used to drive the deletion logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 12:38 AM