finishing-branch
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill generates PR descriptions by processing output from git log and git diff, creating an indirect prompt injection surface where malicious content in commits or code comments could influence the agent.
- Ingestion points: Git log and diff outputs in Step 2 and Step 3.
- Boundary markers: None present in the instructions.
- Capability inventory: Git branch management, file system access, and GitHub PR creation via the gh CLI tool.
- Sanitization: No validation or sanitization of git output is performed before processing.
- [COMMAND_EXECUTION]: The cleanup logic uses xargs to pipe branch names to git branch -d. This pattern can be vulnerable to command injection if branch names contain shell metacharacters. Additionally, the skill uses a hardcoded absolute Windows path D:\Node JS Starter V1 which restricts its portability and may cause errors in other environments.
Audit Metadata