finishing-a-development-branch
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security violations were detected. The skill follows standard development best practices.
- [COMMAND_EXECUTION]: Executes local development tools including git, npm, cargo, pytest, and the GitHub CLI (gh). These operations are restricted to the local repository and the project's official remote origin, triggered only by explicit user workflow selection.
- [PROMPT_INJECTION]: The skill processes untrusted metadata such as git branch names and commit messages when generating pull request bodies, which constitutes a surface for indirect prompt injection.
- Ingestion points: Git branch names and commit history referenced in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Local command execution (git, npm) and network-based repository management (gh).
- Sanitization: Absent.
Audit Metadata