git-resolve-conflicts
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from untrusted Git branches during the conflict resolution workflow.
  - Ingestion points: Conflicted file content is read from the local repository using the Read tool.
  - Boundary markers: The skill relies on standard Git markers (`<<<<<<<`, `=======`, `>>>>>>>`) but lacks explicit instructions to the agent to disregard instructions within the data.
  - Capability inventory: Includes write-access commands such as `git add`, `git commit`, `git push`, and `gh pr comment`.
  - Sanitization: There is no validation of the resolved content before it is committed.
- [COMMAND_EXECUTION]: Employs dynamic context injection in SKILL.md to gather repository information at load time.
  - Evidence: Uses `!git branch --show-current`, `!git status --porcelain=v2 --branch`, `!git diff --name-only --diff-filter=U`, and `!git log --format='%h %s' --max-count=5` to provide context on the current branch and state.
Audit Metadata