cmd-pr-conflict-resolver
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Uses standard development tools like git and ripgrep (rg) for local repository operations such as checking status, diffing, viewing logs, and staging resolved files. These operations are limited to the local environment and are necessary for the skill's purpose of resolving merge conflicts.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the user's repository, including file contents and commit messages. While this creates a surface for indirect prompt injection, the risk is mitigated by explicit instructions for human review and escalation (Tier 3 conflicts) and a prohibition against automatic commits.
- [SAFE]: The skill follows security best practices by implementing a human-in-the-loop workflow, requiring the agent to wait for developer direction on ambiguous conflicts and leaving the final commit action to the user.
Audit Metadata