git-resolve-conflicts
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from external pull requests.
- Ingestion points: The skill reads local files containing conflict markers (
<<<<<<<,=======,>>>>>>>) originating from PR branches provided by external contributors. - Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard potential instructions embedded within the conflicted code blocks.
- Capability inventory: The skill has extensive write capabilities, including
Edit(to modify source code),git commit,git push(to update remote repositories), andgh pr comment(to communicate on GitHub). - Sanitization: No validation or sanitization is performed on the content of the conflicted files before the agent is tasked with "understanding" and "integrating" the changes.
- [COMMAND_EXECUTION]: The skill makes extensive use of system commands through the
gitandgh(GitHub CLI) binaries. While these are necessary for the skill's primary function, the use of wildcards (*) in theallowed-toolssection provides a broad capability surface that could be misused if the agent's logic is subverted via prompt injection.
Audit Metadata