branch-cleaner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instruction bypass, override markers, or role-play injection patterns were found in the skill content.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access (e.g., SSH keys, credentials) or unauthorized network calls were identified. The use of git and GitHub CLI is consistent with the skill's stated purpose.
- [Command Execution] (SAFE): Execution is limited to local git and gh commands for branch management, which is the primary purpose of the skill.
- [Indirect Prompt Injection] (SAFE): The skill possesses a surface for indirect prompt injection via untrusted branch names and PR descriptions, but this risk is mitigated by the design requiring manual confirmation. Evidence Chain:
  1. Ingestion points: Local branch list from `git branch` and remote PR metadata from `gh pr list`.
  2. Boundary markers: No explicit boundary markers or ignore-instructions are defined.
  3. Capability inventory: Commands include branch deletion (`git branch -d`).
  4. Sanitization: Mitigation is achieved through a human-in-the-loop workflow where the user must approve deletion candidates.
Audit Metadata