merge-protocol
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands for Git version control and project test runners including npm, cargo, pytest, and go. These are necessary and standard operations for the skill's documented purpose.\n- [COMMAND_EXECUTION]: Invokes the GitHub CLI tool to create pull requests on a well-known service. This is a legitimate use of development tooling.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it interpolates branch names and generated summaries into pull request templates.\n
- Ingestion points: Project branch names and agent-generated change summaries (SKILL.md).\n
- Boundary markers: Utilizes 'EOF' heredoc delimiters in shell commands to wrap external content.\n
- Capability inventory: Accesses shell commands, Git, and GitHub CLI tools.\n
- Sanitization: Relies on heredoc structure for basic isolation; lacks explicit sanitization or validation of the interpolated content.
Audit Metadata