finishing-a-development-branch
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill ingests local code and commit history to generate Pull Request summaries (Step 4, Option 2). Malicious content within the codebase could manipulate the agent's summary or the logic of the PR creation. While boundary markers like quoted heredocs are used, the logical processing of external content remains a risk factor.
- [Command Execution] (LOW): The skill executes various test runners (npm, cargo, pytest, go) and Git commands based on the local environment and branch names. This capability is necessary for the skill's function but could be exploited if an attacker controls the test suite or repository structure.
- [Data Exposure] (LOW): Uses GitHub CLI and Git to push local repository data to remote origins. This is standard behavior for the tool but technically constitutes external data transfer of the repository contents.
Audit Metadata