finishing-a-development-branch

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes git and GitHub CLI commands necessary for branch management and pull request creation. These commands are used according to standard development workflows and follow the skill's stated purpose.
  • [DYNAMIC_EXECUTION] (SAFE): The scripts/run-tests utility identifies the appropriate test runner (e.g., npm, cargo, pytest). Security is maintained by selecting from a whitelist of hardcoded runner commands rather than executing arbitrary strings directly from repository metadata.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill reads project files like package.json and Makefile to detect the test environment.
      1. Ingestion points: scripts/run-tests reads metadata files.
      2. Boundary markers: None.
      3. Capability inventory: git operations and test runners.
      4. Sanitization: The skill uses the files only for environment detection and does not execute the data content, mitigating injection risks.
  • [DATA_EXPOSURE] (SAFE): Operations are confined to the local repository and the configured git remote. No patterns for accessing sensitive system files (e.g., SSH keys) or exfiltrating data to unknown domains were identified.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 20, 2026, 06:16 PM