merge
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is built around executing standard git CLI commands to manage repository state, including syncing with remote repositories and performing branch operations.
- [INDIRECT_PROMPT_INJECTION]: The skill captures the current branch name and uses it as a variable in subsequent shell commands. While this is standard for git tooling, it is noted as a potential attack surface if branch names contain malicious sequences.
- Ingestion points: The branch name is captured in SKILL.md using git rev-parse.
- Boundary markers: No delimiters or instructions to ignore embedded content are applied to the branch variable.
- Capability inventory: The skill performs command execution including merging and deleting branches.
- Sanitization: No explicit sanitization of the branch name is performed within the instructions.
Audit Metadata