git-merge-expert

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to manage the Git lifecycle and validate code state.
  • Evidence: Commands include git merge, git push, gh pr merge, and package manager scripts like pnpm build and npm test to verify the repository after a merge.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from external sources which could potentially contain adversarial content.
  • Ingestion points: File content during conflict resolution (SKILL.md) and Pull Request metadata retrieved via gh pr view.
  • Boundary markers: Absent. Untrusted data from conflicts is read directly into the context without protective delimiters.
  • Capability inventory: The skill has the ability to run build scripts, commit code, and push changes to remote branches.
  • Sanitization: Not present. The skill relies on the agent's reasoning to distinguish between code and embedded instructions during merge operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 11:32 AM
Security Audit — agent-trust-hub — git-merge-expert