git-branch-cleanup

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted branch names from local and remote Git repositories. An attacker can create a branch with a name containing shell metacharacters or nested instructions to exploit the agent's execution environment.
  • Ingestion points: Workflow step 4 (git branch -r) and step 5 (git for-each-ref) retrieve branch names from potentially external/untrusted contributors.
  • Boundary markers: Absent. There are no instructions to safely delimit or quote branch names when passing them to shell commands.
  • Capability inventory: Step 6 (git branch -d) and step 7 (git push origin --delete) are destructive operations that execute commands with the ingested data.
  • Sanitization: None. The workflow does not specify validation or escaping of branch names before interpolation into command strings.
  • Command Execution (MEDIUM): The skill relies on multiple shell commands to interact with the Git environment. While these are necessary for the stated purpose, the combination with untrusted input increases the risk of command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:25 AM