merge-main-cleanup
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Git commands including 'git branch -D' and 'git push --delete' to remove branches, as well as 'git worktree remove' to clean up worktrees. It also uses the 'rg' (ripgrep) CLI tool for text filtering.
- [DATA_EXFILTRATION]: Interactions with external servers are limited to standard 'git push', 'git pull', and 'git fetch' operations to the repository's configured 'origin' remote. These are expected behaviors for a Git management skill.
- [PROMPT_INJECTION]: The skill processes branch names and filesystem paths returned by Git commands. Although these are external inputs, they are used as arguments to Git subcommands rather than being interpolated into natural language instructions that could trigger behavior overrides.
Audit Metadata