conflict-resolution
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection due to its core functionality.
- Ingestion points: The skill reads external content from files with conflict markers (e.g.,
cat src/services/user.ts,git status). - Boundary markers: It relies on standard Git conflict markers (
<<<<<<<,=======,>>>>>>>) which are not robust security boundaries against adversarial content. - Capability inventory: The skill can write to the filesystem (
git checkout,git add), commit code, and execute arbitrary code via the test runner (pnpm test). - Sanitization: There is no logic to sanitize or filter the content of the code being merged, allowing embedded instructions to potentially influence the agent's behavior during the resolution process.
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple system commands with side effects.
- Evidence: It uses
git push --force-with-lease, which can rewrite remote history, andpnpm test, which executes project-defined scripts that could contain malicious code if the project files themselves were compromised via a conflict injection.
Recommendations
- AI detected serious security threats
Audit Metadata