branch-name

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local Git commands including 'git branch', 'git status', and 'git log' to assess the repository state and rename branches. These are standard development operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from commit history and existing branch names which can be controlled by external contributors.
  • Ingestion points: Data is ingested from the repository through 'git log --oneline -10' and 'git branch --format' in 'SKILL.md'.
  • Boundary markers: None. The skill does not instruct the agent to treat repository metadata (like commit messages) as untrusted or to ignore instructions embedded within them.
  • Capability inventory: The agent can modify the repository state using the 'git branch -m' command.
  • Sanitization: The skill provides a naming standard that advises the agent to avoid shell-sensitive characters, which mitigates simple command injection but does not prevent logic-based indirect injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 07:33 AM
Security Audit — agent-trust-hub — branch-name