wtm
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using placeholders like
<task-name>,<branch-name>, and commit messages derived from user input or task descriptions. This presents a risk of command injection if the agent does not adequately sanitize these variables before execution. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8). Ingestion points: The skill reads project-specific files like
plan.mdin Step 5. Boundary markers: Content is interpolated without delimiters or 'ignore' warnings. Capability inventory: The skill has file system access (worktree management) and network access via Git and the GitHub CLI. Sanitization: No sanitization is performed on ingested file content before it is passed to external tools.
Audit Metadata