resolving-merge-conflicts
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, hidden code, or unauthorized network operations were detected in the skill instructions. The functionality aligns with standard developer workflows.
- [COMMAND_EXECUTION]: The skill instructs the agent to run project-specific automated checks like tests and formatters. These executions are intended for validating merge integrity within the local repository environment.
- [PROMPT_INJECTION]: The skill processes external data sources which could contain malicious instructions designed to influence the agent's behavior (Indirect Prompt Injection surface).
- Ingestion points: Commit messages, Pull Request descriptions, and issue tracker content used in Step 2.
- Boundary markers: The instructions do not define delimiters or specific warnings to ignore embedded instructions in the ingested metadata.
- Capability inventory: The agent is guided to modify source code files to resolve hunks and execute local shell commands for verification.
- Sanitization: There is no requirement for the agent to sanitize or validate the content of commit messages or PRs before processing them.
Audit Metadata