git-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute local git commands for repository analysis and branch deletion.
  - The commands executed include `git branch -d`, `git branch -D`, and `git worktree remove`.
  - Security is maintained through explicit quoting of branch variables (`"$branch"`) to prevent shell expansion attacks from branch names containing special characters.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests untrusted data from the local environment (git branch names and commit messages).
  - Ingestion points: Data enters the agent context through `git branch`, `git log`, and `git worktree list` results.
  - Boundary markers: The skill architecture enforces two distinct confirmation gates using `AskUserQuestion`, preventing the agent from acting on instructions potentially embedded in git metadata without human oversight.
  - Capability inventory: The skill has the capability to delete local file system data via `git branch -D` and `git worktree remove`.
  - Sanitization: The skill explicitly instructs the agent to quote branch names to prevent command injection and provides a gated workflow that requires the user to review all proposed deletions before execution.
Audit Metadata