clean-branches

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local git and bash commands to fetch repository state and perform cleanup. Destructive actions like git branch -d and git worktree remove are gated behind user confirmation using the AskUserQuestion tool.
  • [PROMPT_INJECTION]: Implements a denylist of protected branches (main, master, develop, release/*) to prevent accidental deletion of critical project history.
  • [COMMAND_EXECUTION]: Employs safe Git defaults, specifically using the -d flag instead of -D to ensure branches are not deleted if they contain unmerged work, providing an additional layer of data protection.
  • [COMMAND_EXECUTION]: The execution of the candidate detection script uses proper shell quoting for the user-supplied pattern argument, mitigating potential command injection risks within the helper script.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:31 PM