finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Command Execution] (SAFE): The skill uses standard development tools including git, npm, and cargo to manage code. These operations are essential to the skill's primary purpose.
- [Indirect Prompt Injection] (LOW): This category is flagged because the skill ingests external data that could influence its behavior.
  - Ingestion points: local git branch names and commit messages.
  - Boundary markers: none present; branch names are interpolated directly into shell commands.
  - Capability inventory: execution of shell commands (git, test runners), file system interaction, and network access via `git push`.
  - Sanitization: the skill does not explicitly sanitize branch names or commit messages before using them in shell commands or PR descriptions. An attacker who can control a branch name (e.g., `; rm -rf /`) could achieve command execution if the agent does not supply its own layer of shell escaping.
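The sanitization finding above, illustrated as an added example that is not part of the audit or of the skill's own code: a branch name spliced into a shell string and evaluated (the vulnerable pattern), beside a hardened version that allow-lists the name and passes it as a single argument after `--`. Both use `echo` as a stand-in for `git push` so the demonstration is harmless to run; `push_unsafe`, `validate_branch_name` and `push_safe` are names chosen for this example, and the allow-list is a conservative subset of git's own ref-name rules rather than a reproduction of them.

```shell
#!/usr/bin/env bash
# Added example (not the skill's code). 'echo' stands in for 'git push' so
# the injection below is visible but harmless.

# VULNERABLE: the branch name is interpolated into a command string that is
# then evaluated, so a name like 'x; echo INJECTED' runs a second command.
push_unsafe() {
  local branch="$1"
  eval "echo pushing origin $branch"
}

# Allow-list check (conservative subset of git check-ref-format, chosen for
# this example): ASCII letters, digits, '/', '.', '_', '-' only; no leading
# '-' (git would parse it as an option), no leading or trailing '/', no '//',
# no '..', no trailing '.lock', length 1..255. Spaces, ';', '$', '`',
# newlines and every other byte are rejected by the character class.
validate_branch_name() {
  local b="$1"
  [ -n "$b" ] && [ "${#b}" -le 255 ] || return 1
  case "$b" in
    -*|/*|*/|*//*|*..*|*.lock) return 1 ;;
  esac
  case "$b" in
    *[!A-Za-z0-9/._-]*) return 1 ;;
  esac
  return 0
}

# HARDENED: validate first, then pass the name as its own argv element after
# '--' so it can never be read as an option. No string is ever re-parsed by
# the shell, so metacharacters in the name are inert even if validation
# were loosened later.
push_safe() {
  local branch="$1"
  validate_branch_name "$branch" || { echo "rejected branch name: $branch" >&2; return 1; }
  echo pushing origin -- "$branch"
}
```

Commit messages need different handling: they are free text, so an allow-list is not appropriate. Pass them as data (an argv element, stdin, or an API request body), never by interpolation into a command string, and treat their content as untrusted when it is fed back into the agent's context or a PR description.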
Audit Metadata