merge-code
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Git shell commands such as `git checkout` and `git merge` to manage code branches. These operations are standard and necessary for the tool's intended purpose of automating code integration.
- [PROMPT_INJECTION]: The skill handles untrusted data through local files (`package.json`, `CHANGELOG.md`) and Git branch names.
  1. Ingestion points: Local file content and branch name placeholders.
  2. Boundary markers: Absent.
  3. Capability inventory: File system modifications and Git subprocess execution.
  4. Sanitization: None explicitly defined in the logic.

  This represents a potential surface for indirect prompt injection, though it is consistent with the skill's requirements for version control automation.
Audit Metadata