resolve-git-conflicts

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructions explicitly tell the agent to "Run the project's build/test/lint commands if defined" to verify the code. This is a high-risk pattern as it assumes the safety of any executable scripts defined within the repository's build system (e.g., package.json, Makefile, or tox.ini).
  • REMOTE_CODE_EXECUTION (HIGH): Because conflict resolution often involves processing code from external sources (such as a pull request or a remote branch), an attacker can embed malicious commands in the repository's test or build scripts. When the agent attempts to 'verify the code' as instructed, it will execute the attacker's code on the host system.
  • PROMPT_INJECTION (MEDIUM): This skill is highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: Untrusted data enters the agent context via git show and direct file inspection of unmerged paths.
      • Boundary markers: There are no boundary markers or instructions to treat the code being resolved as potentially untrusted data.
      • Capability inventory: The agent has the capability to write to the local filesystem and execute arbitrary shell commands (build/test scripts).
      • Sanitization: None. The agent is encouraged to 'apply the changes directly' and 'decide per file', which could lead to following malicious instructions hidden in code comments or conflict markers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:38 AM