managing-branches
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill automates git workflows by executing commands such as 'git' and 'gh' through Python's subprocess module. It constructs these commands using argument lists, which is a secure practice that prevents shell injection attacks.\n- [DATA_EXFILTRATION]: Network operations are restricted to standard Git commands (push and pull) against the repository's configured 'origin' remote. No unauthorized data transmission or hardcoded credentials were detected.\n- [PROMPT_INJECTION]: The skill mitigates risks associated with processing user-provided data, such as branch names and issue references. Analysis of the Indirect Prompt Injection (Category 8) surface shows:\n
- Ingestion points: User-provided branch names, issue descriptions, and the repository configuration file.\n
- Boundary markers: None explicitly implemented for input data.\n
- Capability inventory: Execution of Git and GitHub CLI commands and local file modification via the 'Write' tool.\n
- Sanitization: Branch names are strictly sanitized in 'branch-manager.py' using regex ([^a-z0-9-]) to prevent command or prompt injection.
Audit Metadata