create-branch
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to determine state and perform actions, including `gh api user` for identity, `git diff` for context, and `git checkout -b` for branch creation.
- [PROMPT_INJECTION]: The skill processes untrusted data from local repository files, presenting a surface for indirect prompt injection.
- Ingestion points: The skill reads output from `git diff`, `git diff --cached`, and `git status --short` in SKILL.md to understand the work being performed.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential instructions hidden within the diff output.
- Capability inventory: The skill can execute shell commands like `git checkout -b <branch-name>` and `git checkout <default-branch>` using the derived descriptions.
- Sanitization: The skill includes explicit instructions in Step 4 for formatting the generated description (kebab-case, ASCII only, specific character exclusions), which serves as a control to prevent malicious strings from becoming part of a shell command.
Audit Metadata