finishing-branch
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown documentation and instructions, containing no executable script files such as .py, .js, or .sh.
- [COMMAND_EXECUTION]: The instructions direct the agent to use standard system tools such as git for version control and make for running local verification suites, including linting, type-checking, and testing.
- [EXTERNAL_DOWNLOADS]: The skill references pull request creation using the official Bitbucket API (api.bitbucket.org) and CLI tools for GitHub (gh) and GitLab (glab), which are well-known development services.
- [PROMPT_INJECTION]: The skill instructs the agent to process external, potentially untrusted data from git diffs and commit logs to perform reviews and write PR messages, creating a surface for indirect prompt injection.
- Ingestion points: 'SKILL.md' (Phase 3: Diff Review, Phase 5: Message Writing).
- Boundary markers: None specified in the instructions to delimit untrusted diff content.
- Capability inventory: Shell command execution via git, make, and curl as described in 'SKILL.md'.
- Sanitization: No explicit sanitization or filtering of diff content is specified before the agent processes the text.
Audit Metadata