reconcile-merge-conflicts
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  - Ingestion points: The skill reads raw file content via 'git show' and 'git diff' to identify conflicts (SKILL.md Step 3).
  - Boundary markers: No delimiters or protective instructions are used when interpreting file content.
  - Capability inventory: The skill executes shell commands for git and project-specific tests (Step 5, quality-gates.md).
  - Sanitization: No validation or filtering is applied to the code being reconciled.
- [COMMAND_EXECUTION]: The skill executes git commands and dynamically identified local project scripts (e.g., npm run test, cargo test) to perform its core functions.
- [EXTERNAL_DOWNLOADS]: Outbound network connections are made via 'git fetch' to synchronize with remotes (SKILL.md Step 2).