finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with Git (git merge, git push, git checkout) and the GitHub CLI (gh pr create). It also invokes local test runners such as npm test, pytest, cargo test, and go test. These operations are consistent with the skill's stated purpose of development branch management and include logic to halt on failures.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in Step 4 (Option 2) during the creation of a Pull Request.
- Ingestion points: PR title and summary bullets provided by the user or derived from recent work are used to populate the PR details.
- Boundary markers: The PR body content is wrapped in a quoted shell heredoc (cat <<'EOF'), which prevents parameter expansion and command substitution within the body; however, the PR title is interpolated directly into the command line string without quoting or other delimiters.
- Capability inventory: The skill has the capability to execute shell commands (git, gh) and read local files.
- Sanitization: There is no explicit sanitization or validation of the user-supplied title string before it is interpolated into the gh pr create command line. Because the shell word-splits an unquoted value, a title containing whitespace and dash-prefixed tokens becomes additional arguments to gh, allowing argument injection (for example, an injected flag that reads a local file into the PR body). Quoting the title as a single argument and rejecting titles that begin with a dash would close this surface.
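The following is an added example, not code from the skill or from the audited repository, showing the argument-injection surface described above and a hardened alternative. It assumes a stand-in function `fake_gh` that prints its argument vector one element per line (so the example runs offline without the real `gh` binary), and the malicious title string is constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the skill's own code). Shows how an unquoted PR title is
# word-split into extra arguments, and a hardened wrapper that keeps it intact.
set -u

# Stand-in for `gh pr create` (assumption): prints one argv element per line so
# the effect of the shell's word splitting is visible without calling gh.
fake_gh() { printf '%s\n' "$@"; }

# Vulnerable form: the title is expanded unquoted, so the shell splits it on
# whitespace and any dash-prefixed token becomes a flag seen by gh.
vulnerable_argv() {
  title="$1"
  # shellcheck disable=SC2086  (deliberately unquoted to show the bug)
  fake_gh pr create --title $title --body "summary"
}

# Reject titles that are empty, look like a flag, contain a newline, or are
# unreasonably long. Returns 0 when the title is acceptable.
validate_title() {
  title="$1"
  nl=$(printf '\n.'); nl=${nl%.}          # portable newline literal
  case "$title" in
    "")        return 1 ;;                 # empty
    -*)        return 1 ;;                 # would be parsed as a flag
    *"$nl"*)   return 1 ;;                 # multi-line title
  esac
  [ "${#title}" -le 256 ]
}

# Hardened form: validate first, then pass the title as ONE quoted argument.
hardened_argv() {
  title="$1"
  validate_title "$title" || return 1
  fake_gh pr create --title "$title" --body "summary"
}

# Helper used to compare the two forms: number of argv elements gh would see.
argc_of() { "$@" | wc -l | tr -d ' '; }

# Constructed malicious title: looks like a title but smuggles a flag.
MALICIOUS_TITLE='Fix login --body-file /etc/passwd'
```

With the constructed title, `argc_of vulnerable_argv "$MALICIOUS_TITLE"` yields 9 elements (`--body-file /etc/passwd` becomes a real flag pair), while `argc_of hardened_argv "$MALICIOUS_TITLE"` yields 6, with the whole string kept as the value of `--title`. The body in the skill is already protected by its quoted heredoc; the title needs the same single-argument treatment.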
Audit Metadata