git-conflicts
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various Git and GitHub CLI commands to manipulate the local and remote repository state. Specifically, it modifies the repository's configuration (e.g., setting `merge.conflictStyle` to `zdiff3` and enabling `rerere`) and is authorized to push changes to remote branches and comment on pull requests.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it involves reading and processing untrusted data from files that are currently in a conflicted state.
  - Ingestion points: File content is ingested via the `Read` tool for all files returned by `git diff --name-only --diff-filter=U`.
  - Boundary markers: There are no explicit boundary markers or system-level instructions to ignore potential commands embedded within the code or text being resolved.
  - Capability inventory: The skill possesses significant capabilities, including the ability to `Edit` files, `git commit`, `git push` changes to remote repositories, and `gh pr comment` on GitHub.
  - Sanitization: No content sanitization or validation is performed on the data read from the files. While the instructions require the removal of conflict markers, they do not provide safeguards against malicious instructions embedded within the sections of the code being merged.
Audit Metadata