git-conflicts
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Git and GitHub CLI commands to assess and resolve conflicts. Examples include
git status,git diff,git config, andgh pr. These are standard tools for the stated purpose.\n- [DYNAMIC_CONTEXT_INJECTION]: The skill uses dynamic context injection placeholders to gather repository state information when the skill is loaded. \n - Evidence: Benign commands such as
git branch --show-current,git status --porcelain=v2 --branch, andgit versionare used to populate the context for the agent.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from remote repositories and pull requests usinggit fetchandgh pr view. These operations target well-known infrastructure (GitHub) and are necessary for resolving merge conflicts between branches.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from files with conflict markers. While the skill focuses on technical resolution, it presents an attack surface for instructions embedded in the code being merged.\n - Ingestion points: File content is read via
Readandgit diffin SKILL.md.\n - Boundary markers: No explicit markers are used to separate conflict content from agent instructions.\n
- Capability inventory: The skill allows file editing (
Edit) and command execution (Bash).\n - Sanitization: No sanitization is performed on the content of the files being merged.
Audit Metadata