bail
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git and GitHub CLI commands to manage worktrees, branches, and issue status. It follows best practices by using absolute paths and temporary directories for its operations.
- [DATA_EXFILTRATION]: The skill transmits context and documentation to the project's remote repository. This activity is the primary purpose of the skill and targets authorized project endpoints.
- [PROMPT_INJECTION]: The skill processes and aggregates data from local files, which represents an indirect prompt injection surface.
  - Ingestion points: Reads from `.branch-context.md` and `MEMORY.md` within the current worktree.
  - Boundary markers: Uses Markdown headers to structure data but lacks explicit security boundaries for interpolated content.
  - Capability inventory: Includes file system access, network communication via Git/GitHub CLI, and repository modification.
  - Sanitization: No explicit sanitization is performed on the content gathered from local files before consolidation into central memory.
Audit Metadata