Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates repository actions using 'git' and 'gh' (GitHub CLI) to automate pull request creation and branch management. It also integrates with a tracking utility called 'entire'.
- [PROMPT_INJECTION]: Extracts data from git history and local configuration files to populate external PR descriptions and Linear comments. Because that content is attacker-influenceable (anyone who can land a commit or diff into the repository controls it), this creates a surface for indirect prompt injection via repository content.
- Ingestion points: Git commit logs, diff outputs, and local JSON configuration/state files.
- Boundary markers: No explicit delimiters are used in instructions to isolate repository-derived data.
- Capability inventory: Full access to shell execution for git/gh and MCP access to the Linear API.
- Sanitization: Git metadata and diff summaries are used without explicit filtering or validation.
- [COMMAND_EXECUTION]: The cleanup script uses inline Python commands to process local JSON files in order to automate the removal of git worktrees.
Audit Metadata