resolving-git-conflicts
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a wide range of shell commands (
git,cat,grep,diff,tail) and rewrites local history without user confirmation. While it takes safety backups by creating backup branches (git branch conflict-backup-$(date +%s)), the high level of autonomy increases the impact of any potential misinterpretation or malicious input. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It ingests untrusted data from conflicted files (specifically when using
git checkout --conflict=diff3) and commit messages (Phase 3). There are no boundary markers or sanitization steps to prevent instructions embedded in these data sources from influencing the agent's behavior. An attacker could potentially embed malicious instructions in conflict markers or commit logs that the agent might follow while attempting to 'resolve' the conflict.
Audit Metadata