workflow-preflight
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes specific git and gh commands to gather repository state, check for uncommitted changes, and detect merge conflicts. It uses git merge-tree for dry-run conflict detection, which is a safe practice.
- [EXTERNAL_DOWNLOADS]: Fetches remote state and prunes stale references from the origin repository on GitHub to ensure the local environment is synchronized.
- [PROMPT_INJECTION]: The skill ingests metadata from GitHub issues and pull requests, creating a surface for indirect prompt injection.
- Ingestion points: Issue and PR metadata fetched via gh issue view and gh pr list in SKILL.md.
- Boundary markers: No markers or explicit instructions are provided to the agent to treat this data as untrusted.
- Capability inventory: The skill has the ability to execute git/gh commands and perform file operations (Read, TodoWrite).
- Sanitization: Metadata from the external repository is processed without sanitization or validation.
Audit Metadata