mergify-stack

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a guide for using the 'mergify' CLI, which is a legitimate tool for enhancing git workflows and managing stacked PRs. The instructions align with standard software development practices.
  • [COMMAND_EXECUTION]: The skill utilizes common shell commands including 'git', 'mergify', and 'gh' (referenced in the Common Mistakes section). These commands are used for their intended purposes (version control and PR management) and do not involve unauthorized privilege escalation or dangerous execution patterns.
  • [DATA_EXFILTRATION]: Although the skill involves pushing code to remote repositories via 'mergify stack push', this is the core function of the tool and relies on the user's existing git configuration and authentication. No instances of sensitive data harvesting or exfiltration to unrecognized domains were found.
  • [PROMPT_INJECTION]: The skill contains instructional headers (e.g., 'CRITICAL') to emphasize operational safety (like stashing work before rebasing). These are benign and do not attempt to bypass the AI agent's underlying safety guardrails or system instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 09:27 AM