finishing-a-development-branch

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell operations using git, gh (GitHub CLI), and various project-specific test runners like npm, cargo, and pytest. These are standard tools for its intended purpose of managing development workflows.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by incorporating untrusted project data into Pull Request creation and relying on external test outputs.
      • Ingestion points: conductor/config.json, project track specifications, plan descriptions, and shell command outputs from test runners.
      • Boundary markers: Uses shell heredocs (cat EOF) for PR body construction to mitigate some forms of shell command injection.
      • Capability inventory: Extensive capabilities including local configuration reading, execution of various test runners, branch management (merge/delete), and GitHub PR creation.
      • Sanitization: Lacks explicit validation or sanitization of project specifications before they are interpolated into the PR template.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 05:54 PM