creating-branch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill logic involves generating and executing shell commands (git checkout, git branch). While this is the primary purpose of the skill, it relies on the agent to safely handle the transition from generated branch names to command-line execution.
- PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection. The skill ingests data from the local environment that could be influenced by an attacker to manipulate the generated branch name or agent behavior.
- Ingestion points: Reads
.arkhe.yamlfor configuration and scans the local directory for uncommitted git changes and specification files. - Boundary markers: None explicitly defined; the skill lacks delimiters or specific instructions to the agent to ignore instructions embedded within the files it reads.
- Capability inventory: Performs git operations, directory scanning, and file reads.
- Sanitization: The documentation claims to apply lowercasing, hyphenation, and keyword filtering to the resulting branch names, which acts as a basic form of sanitization.
- METADATA_POISONING (LOW): The skill's trigger metadata is highly permissive, using broad keywords such as 'branch', 'feature', and 'new task'. This creates a risk of over-activation where the skill may be invoked unintentionally during unrelated user queries.
Audit Metadata