finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill directs the agent to execute various shell commands for git operations (`git merge`, `git branch -D`, `git worktree remove`) and test suites (`npm test`, `pytest`, `cargo test`). These operations are necessary for the skill's primary purpose and do not involve unauthorized privilege escalation.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-controlled data such as branch names and commit messages into shell commands (e.g., in `gh pr create`). While it lacks explicit input sanitization code, the provided templates use heredocs (`EOF`) to mitigate common command injection risks in the PR creation step.
- DATA_EXFILTRATION (SAFE): The skill utilizes `git push` and `gh pr create` to interact with external repositories. These are standard developer operations directed at the user's configured remotes and do not show signs of malicious exfiltration.
Audit Metadata