finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard development tools and version control commands (git, npm, cargo, pytest, go, gh). These commands are used as intended for branch management and local testing.
- [PROMPT_INJECTION] (SAFE): There are no attempts to override agent instructions or bypass safety filters. The skill includes beneficial guardrails, such as 'Red Flags' that prevent the agent from proceeding if tests fail or deleting work without explicit user confirmation.
- [DATA_EXFILTRATION] (SAFE): No sensitive files (e.g., SSH keys, credentials) are accessed. Network activity is limited to standard git operations (push, pull) and pull request creation via the GitHub CLI, which are consistent with the skill's primary purpose.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes test output and branch names (Category 8 surface), this is a core requirement of its functionality. The use of shell heredocs (EOF) for pull request creation provides a level of boundary marking for external data.
Audit Metadata