finishing-a-development-branch

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill automatically executes shell commands based on the presence of project configuration files.
      • Evidence: In Step 1 (Verify Tests), the skill executes npm test, cargo test, pytest, go test, or make test based on the project structure.
      • Risk: If the skill is run against a malicious repository, these commands can be hijacked (e.g., a malicious test script in package.json or a malicious test target in a Makefile) to execute arbitrary code with the agent's privileges.
  • PROMPT_INJECTION / Indirect (HIGH): The skill ingests untrusted data from the repository's git history to populate command arguments.
      • Evidence: In Step 4 (Option 2), the skill extracts the TITLE for a Pull Request directly from git commit messages using git log and uses it in a gh pr create command. It also uses cat <<'EOF' to ingest a body with bullets.
      • Risk: This represents an 'Indirect Prompt Injection' surface. Maliciously crafted commit messages could attempt to influence the agent's behavior or provide instructions to downstream tools that process the generated PR.
  • EXTERNAL_DOWNLOADS (LOW): The skill suggests downloading the gh CLI from a specific URL.
      • Evidence: It points users to https://cli.github.com/.
      • Risk: While this is a trusted source, it remains an external reference. Per security policy, this is rated as LOW due to the trusted status of the GitHub CLI official site.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:56 AM