branch-name
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Git commands including 'git branch', 'git status', and 'git log' to assess the repository state and rename branches. These are standard development operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from commit history and existing branch names which can be controlled by external contributors.
- Ingestion points: Data is ingested from the repository through 'git log --oneline -10' and 'git branch --format' in 'SKILL.md'.
- Boundary markers: None. The skill does not instruct the agent to treat repository metadata (like commit messages) as untrusted or to ignore instructions embedded within them.
- Capability inventory: The agent can modify the repository state using the 'git branch -m' command.
- Sanitization: The skill provides a naming standard that advises the agent to avoid shell-sensitive characters, which mitigates simple command injection but does not prevent logic-based indirect injection.
Audit Metadata