git-worktree-create
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (SAFE): The script `scripts/create_worktree.sh` performs standard Git and filesystem operations.
  - Evidence: Uses `git worktree`, `git fetch`, `mkdir`, and `cp` for repository management.
  - Safety: Variables such as `$BRANCH_NAME` and `$WORKTREE_PATH` are consistently double-quoted to prevent command injection or shell expansion issues.
- [Indirect Prompt Injection] (LOW): The skill processes external data from Git branches which could contain malicious instructions for downstream tasks.
  - Ingestion points: The `BRANCH_NAME` parameter and the content of the branch being checked out into the worktree (`scripts/create_worktree.sh`).
  - Boundary markers: Absent. The skill does not explicitly warn the agent about untrusted content in the new worktree.
  - Capability inventory: Performs filesystem writes (`git worktree add`, `cp`) to create the environment (`scripts/create_worktree.sh`).
  - Sanitization: Branch names are sanitized (`${BRANCH_NAME//\//-}`) to prevent directory traversal attacks (`scripts/create_worktree.sh`).
- [External Downloads] (SAFE): The skill performs Git network operations to fetch updates.
  - Evidence: Uses `git fetch --all` to synchronize with remote repositories.
  - Safety: Operations are restricted to standard Git protocol and configured remotes.