finishing-a-development-branch

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several command-line tools, including git, gh (GitHub CLI), and a project management tool named bd. These tools are used to manage code branches, synchronize with remote repositories, and track project epics. The skill assembles these commands dynamically at runtime from the current environment and task data.
  • [EXTERNAL_DOWNLOADS]: Network activity is initiated through git pull, git push, and gh pr create. These operations talk to GitHub, a well-known service, to perform standard repository synchronization and pull request management.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it retrieves data from external CLI tools and incorporates that data into shell commands and pull request descriptions.
  • Ingestion points: External data enters the context via the output of bd show, bd list, and git branch.
  • Boundary markers: The skill uses quoted heredocs ('EOF') when constructing multi-line pull request bodies, which prevents shell expansion of the body text. Other command-line arguments, such as titles and branch names, are interpolated directly without explicit delimiters.
  • Capability inventory: The skill executes commands in the system shell and can dispatch tasks to a separate test-runner agent.
  • Sanitization: There is no evidence of explicit escaping or validation of strings derived from external tools before they are used as command-line arguments. A task title or branch name that contains shell metacharacters would therefore reach the assembled command line unchanged.
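The two findings above (quoted heredocs protect the body, while titles and branch names are interpolated without sanitization) are illustrated by the following added example. It is not code from the audited skill or from this audit: `gh pr create` is replaced by a local stand-in (`fake_gh`) so the script runs offline, the `bd show` output is constructed, and the field names (`title:`, `branch:`) and helper names are assumptions.

```shell
#!/bin/sh
# Added example, not the audited skill's own code. `gh pr create` is replaced
# by fake_gh so this runs offline; the bd output below is constructed.
set -u

# Stand-in for `gh pr create`: echoes each argument it received on its own line.
fake_gh() { printf '%s\n' "$@"; }

# Constructed sample of `bd show` output (assumed key: value format). The title
# is attacker-influenced: whoever can edit the task can put shell syntax in it.
SAMPLE_BD_SHOW='id: EPIC-12
title: Fix login $(echo INJECTED)
branch: feature/login-fix'

# Pull one "key: value" line out of tool output. No eval, no word splitting.
bd_field() {  # bd_field KEY "$OUTPUT"
  printf '%s\n' "$2" | sed -n "s/^$1: //p" | head -n 1
}

# UNSAFE: the pattern the audit flags. Tool output is spliced into command
# text and the text is handed back to the shell, so $(...) in the title runs.
pr_title_spliced() {
  eval "fake_gh pr create --title \"$1\"" | tail -n 1
}

# SAFE: the title is a single argv element; "$1" is expanded exactly once and
# its contents are never re-parsed as shell syntax.
pr_title_argv() {
  fake_gh pr create --title "$1" | tail -n 1
}

# Branch names reach `git checkout`, `git push` and `gh pr create --head`.
# Conservative allowlist: must start with a letter or digit (so it cannot be
# read as an option), only [A-Za-z0-9._/-], no "..", no "//", no trailing "/".
# When git is available, `git check-ref-format --branch "$name"` is the
# authoritative check.
is_safe_branch() {
  case "$1" in
    ''|*..*|*//*|*/) return 1 ;;
  esac
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._/-]*$'
}

# Titles are free text but must be one line without control characters, must
# not start with '-' (so they cannot be parsed as a flag), and are capped at
# 120 characters.
sanitize_title() {
  printf '%s' "$1" | tr -d '\000-\037\177' | sed 's/^-*//' | cut -c1-120
}

# Multi-line PR body with a quoted 'EOF' delimiter: $(...) and $VAR stay
# literal, which is why the audit accepts this part of the skill.
pr_body_quoted() {
  cat <<'EOF'
Closes EPIC-12
Title was: $(echo INJECTED)
EOF
}

# The same body with an unquoted delimiter is expanded by the shell.
pr_body_unquoted() {
  cat <<EOF
Closes EPIC-12
Title was: $(echo INJECTED)
EOF
}

main() {
  title=$(bd_field title "$SAMPLE_BD_SHOW")
  branch=$(bd_field branch "$SAMPLE_BD_SHOW")
  echo "spliced  : $(pr_title_spliced "$title")"
  echo "argv     : $(pr_title_argv "$title")"
  echo "sanitized: $(sanitize_title "$title")"
  is_safe_branch "$branch" && echo "branch ok: $branch"
  is_safe_branch '-d' || echo "rejected : -d"
}
main
```

Double-quoting a variable is what keeps `pr_title_argv` safe; the splice in `pr_title_spliced` is what happens when an agent pastes tool output into the text of a command rather than passing it as an argument. Stripping leading dashes in `sanitize_title` is one choice; rejecting such titles outright is equally reasonable.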
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:19 PM