finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git commands (merge, push, worktree) and project test runners (npm, cargo, pytest, go) to automate branch lifecycle management. These actions are standard for development utilities and align with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill ingests untrusted data such as branch names and PR titles which are used in shell commands. Ingestion points: SKILL.md. Boundary markers: Absent for branch names, though heredocs (EOF) are used for PR bodies. Capabilities: bash command execution. Sanitization: Not explicitly implemented for branch names. The risk is assessed as low given the trusted context and standard developer usage patterns.
Audit Metadata