work-integrate
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard Git CLI tools to perform branch management and integration. It includes safety logic to abort operations on conflicts and requires a clean working tree before execution.
- [SAFE]: The skill incorporates a robust set of operational constraints, including verification of task completion in 'progress.md' and the requirement for a successful 'code-review' verdict before allowing a merge to proceed.
- [DATA_EXFILTRATION]: No network activity or external data exfiltration patterns were detected. The skill's scope is restricted to local file reading and standard Git repository interactions.
- [SAFE]: The skill exhibits an indirect prompt injection surface by ingesting data from project files. 1. Ingestion points: 'progress.md' and 'MEMORY.md'. 2. Boundary markers: Absent. 3. Capability inventory: Git subprocess execution across the integration flow. 4. Sanitization: Input from 'progress.md' is strictly parsed for status keywords ('Done') rather than being directly interpreted as commands.
- [PROMPT_INJECTION]: The instructions do not contain adversarial patterns aimed at bypassing safety filters or overriding core agent instructions. It explicitly mandates user confirmation for ambiguous configurations like base branch resolution.
Audit Metadata