finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes local development commands like
git,gh, and test runners (npm test,pytest, etc.). These operations are core to the skill's purpose and are guarded by confirmation steps and logical checks, such as verifying tests before merge. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes project-specific data such as branch names and test outputs to generate Pull Requests and status reports. It utilizes safe shell constructs (heredocs) when passing data to the GitHub CLI, which mitigates the risk of command injection from potentially malicious branch names or code comments processed during PR generation.
Audit Metadata