Back to skill

Security audit

Finishing A Development Branch

Security checks across malware telemetry and agentic risk

Overview

This is a normal Git branch-finishing helper, but its inconsistent cleanup instructions could cause a local worktree to be removed after creating a pull request.

Install only if you are comfortable with an agent performing Git branch completion tasks. Before using the PR path, explicitly tell the agent whether to preserve the worktree, and verify the target remote, GitHub account, branch contents, and any sensitive files before pushing or creating a pull request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill gives conflicting instructions about whether Option 2 should clean up the worktree: Step 4 says to proceed to cleanup for Option 2, while the Quick Reference says to keep the worktree. In an automation context, this ambiguity can cause unintended deletion of a still-needed worktree or inconsistent behavior across implementations.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The Common Mistakes section says cleanup should occur only for Options 1 and 4, but Step 5 explicitly says cleanup applies to Options 1, 2, and 4. Such internal contradictions are operationally dangerous because an agent may follow one section and remove resources unexpectedly or fail to remove them when required.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The 'Always' section mandates worktree cleanup only for Options 1 and 4, which conflicts with Step 5's instruction to also clean up for Option 2. Because the skill is procedural and intended to drive actions, this inconsistency can lead to destructive cleanup decisions being made unpredictably.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.