finishing-a-development-branch

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard development and version control commands, including git operations (merge, push, checkout, branch, worktree), test runners (npm, cargo, pytest, go test), and the GitHub CLI (gh pr create). These actions are consistent with the skill's primary purpose of managing branch lifecycles.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) as it ingests data from the local repository environment, such as branch names and commit logs, to generate pull request content.
    • Ingestion points: Branch names and commit lists are retrieved via git commands in Step 2 and Step 4.
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are used in the prompt templates.
    • Capability inventory: The skill has the ability to execute shell commands and interact with remote repositories via git and gh.
    • Sanitization: No specific sanitization or filtering of the ingested repository metadata is performed before interpolation into commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:35 AM