fix-merge-conflicts
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE | NO_CODE | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a workflow that ingests untrusted code from merge conflicts and executes it through build and test commands.
  - Ingestion points: Conflict markers and file content mentioned in Workflow step 1.
  - Boundary markers: No specific delimiters or safety instructions are provided to the agent to ignore instructions embedded in the code being resolved.
  - Capability inventory: Workflow steps 4 and 5 involve running package managers, compilers, and test suites.
  - Sanitization: No sanitization or verification of the code content is performed before execution.
- [Command Execution] (SAFE): The use of shell commands is restricted to standard development tools and is consistent with the skill's primary purpose.
Audit Metadata