vcs-branch

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted issue data to generate shell commands.
      • Ingestion points: Issue numbers and descriptions from external platforms (GitHub/GitLab) as mentioned in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution via git checkout -b in SKILL.md.
      • Sanitization: Absent, but the workflow requires a mandatory 'MITM Confirmation' step for user approval before execution.
  • [Command Execution] (SAFE): The skill uses standard Git commands for branch management. The risk of command injection via the branch name variable is addressed by the explicit requirement for human approval of the final string.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 11:26 PM