merge-base-branch
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple git commands (branch, fetch, merge, etc.) and npm scripts (lint, test:coverage, build) to manage the repository state and verify code quality.
- [EXTERNAL_DOWNLOADS]: The skill performs a git fetch operation to download updates from the remote origin repository.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from the local repository environment.
  - Ingestion points: Reads configuration from the .agent file and branch names from the git environment (SKILL.md).
  - Boundary markers: No delimiters or ignore instructions are used to separate ingested data from agent instructions.
  - Capability inventory: The skill has the ability to execute shell commands via git and npm (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation of the branch names or configuration values before they are used in command strings.
Audit Metadata