merge-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple git commands to manage the repository state, including
git merge,git add, andgit committo automate the merge and resolution process in the main worktree.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the way it handles merge conflicts.\n - Ingestion points: The agent reads file content containing git conflict markers and historical versions via
git showas part of its resolution logic in SKILL.md.\n - Boundary markers: The instructions do not specify any boundary markers or delimiters to protect the agent from instructions embedded within the code blocks it processes.\n
- Capability inventory: The skill allows the agent to write resolved content to the filesystem and stage/commit changes, which could be exploited if malicious instructions are present in the files being merged.\n
- Sanitization: No sanitization or safety-filtering is applied to the untrusted file content before the AI attempts to interpret or resolve the conflicts.
Audit Metadata