update-branch
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and executes verification commands from untrusted repository files.
- Ingestion points: The skill reads
AGENTS.md, README files, package scripts, and other repository guidance to identify verification commands. - Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the data files.
- Capability inventory: The skill is capable of executing arbitrary shell commands discovered during the repository scan.
- Sanitization: Absent. The skill does not validate or sanitize the commands found in the repository before execution.
- [COMMAND_EXECUTION]: The skill performs shell command execution as part of its core functionality.
- Evidence: It uses
git fetch,git merge, andgit branchcommands. - Evidence: It executes 'documented verification commands' found in the local environment, which can include arbitrary scripts or binaries defined in the codebase.
Audit Metadata