finish-feature
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface (Category 8) because it processes branch names, which are external data.
  - Ingestion points: Branch names are retrieved from the environment using git commands in Steps 1 and 3 of the process.
  - Boundary markers: Absent; the agent is not instructed to treat these inputs as untrusted or to use delimiters.
  - Capability inventory: Access to several Git subcommands via the Bash tool, which could be exploited if command injection occurs.
  - Sanitization: Absent; branch names are used directly in merge commands without validation or shell escaping.