squash
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple git commands (checkout, pull, merge, branch, push) to automate the branch lifecycle. These are standard operations for its stated purpose.
- [PROMPT_INJECTION]: The skill processes user-supplied branch names as arguments. It incorporates a safety check using `git rev-parse --verify <branch>` to validate inputs before they are used in further commands.
- [PROMPT_INJECTION]: Findings for indirect prompt injection surface:
  1) Ingestion points: Branch name argument provided to the `/squash` command.
  2) Boundary markers: No explicit delimiters are used for the branch name in the command templates.
  3) Capability inventory: Subprocess calls to git for file system modifications and network push/pull.
  4) Sanitization: The `git rev-parse` check acts as a validator for the provided input.
- [SAFE]: Instructions such as 'Proceed without confirmation' are operational guidelines for the AI agent within the context of git management and do not attempt to override the underlying model's safety or ethical constraints.
Audit Metadata