integrate
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs Git repository management by executing a local Node.js script (
worktree.mjs) through PowerShell and Bash wrapper scripts. These wrappers use secure argument passing to prevent command injection. - [DYNAMIC_EXECUTION]: The skill documentation describes a workflow that generates temporary cleanup scripts (
.ps1or.sh). These are intended for local environment maintenance and are presented to the user for manual execution. - [PROMPT_INJECTION]: The skill includes a parameter for user intent (
UserInstruction), which is passed to the underlying integration tool. This presents a surface for indirect prompt injection if the intent is sourced from untrusted external data, though it is handled as a literal string argument in the execution wrappers. - Ingestion points:
UserInstructionparameter inscripts/integrate.ps1andinstructioninscripts/integrate.sh. - Boundary markers: No specific delimiters or safety instructions are applied to the intent string within the shell wrappers.
- Capability inventory: Git operations (merging, branch/folder deletion) and script generation.
- Sanitization: The wrapper scripts do not sanitize the intent string, relying on the target Node.js script for processing.
Audit Metadata