pull
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Git and pnpm shell commands to perform branch merges and run project-defined verification scripts. These are standard operations for development workflows.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the remote origin repository to fetch code updates. This is a standard and necessary function for a version control utility.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the handling of external code during merge operations.
  - Ingestion points: Code is ingested from remote branches via git fetch and git merge as defined in SKILL.md.
  - Boundary markers: Git uses standard conflict markers and zdiff3 formatting to isolate incoming changes.
  - Capability inventory: The agent has shell access to run pnpm scripts as part of the verification process in SKILL.md.
  - Sanitization: No explicit sanitization or filtering is performed on the incoming code before it is incorporated or tested.
Audit Metadata