git-merge-expert
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to manage the Git lifecycle and validate code state.
- Evidence: Commands include
git merge,git push,gh pr merge, and package manager scripts likepnpm buildandnpm testto verify the repository after a merge. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from external sources which could potentially contain adversarial content.
- Ingestion points: File content during conflict resolution (SKILL.md) and Pull Request metadata retrieved via
gh pr view. - Boundary markers: Absent. Untrusted data from conflicts is read directly into the context without protective delimiters.
- Capability inventory: The skill has the ability to run build scripts, commit code, and push changes to remote branches.
- Sanitization: Not present. The skill relies on the agent's reasoning to distinguish between code and embedded instructions during merge operations.
Audit Metadata