finish
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted branch content and test output through sub-agents.
  - Ingestion points: Code diffs and file contents from the active development branch (Step 2 and Step 3).
  - Boundary markers: Absent. The skill does not provide delimiters or instructions to sub-agents to ignore instructions within the analyzed data.
  - Capability inventory: Shell command execution for git operations, testing, and PR creation, along with sub-agent dispatching.
  - Sanitization: Absent. No filtering or escaping is performed on the data before processing.
- [COMMAND_EXECUTION]: The skill performs shell commands for testing, git operations, and GitHub interactions. This is core functionality for a development finishing tool. Evidence: use of npm test, cargo test, pytest, go test, git, and gh pr create.
Audit Metadata