skills/paulund/ai/dev-merge-main/Gen Agent Trust Hub

dev-merge-main

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Uses standard git commands to fetch, merge, add, and commit changes during the synchronization process.
  • [COMMAND_EXECUTION]: Executes pnpm install and pnpm test to manage dependencies and verify the integrity of the codebase after conflict resolution.
  • [EXTERNAL_DOWNLOADS]: Fetches remote repository data via git fetch origin main.
  • [EXTERNAL_DOWNLOADS]: Downloads Node.js packages from official registries using the pnpm package manager.
  • [PROMPT_INJECTION]: There is an inherent surface for indirect prompt injection, as the agent must read and evaluate conflicted source files, which could contain untrusted data.
      • Ingestion points: Source files identified as conflicted by git diff --name-only.
      • Boundary markers: No explicit delimiters or instructions are used to isolate the untrusted file content from the agent's logic.
      • Capability inventory: The skill possesses shell execution capabilities via git and pnpm.
      • Sanitization: The skill relies on the agent's reasoning to select appropriate code patterns but does not implement automated sanitization of the input data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 04:15 PM
Security Audit — agent-trust-hub — dev-merge-main