git-worktree-remove
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Finding Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Path traversal vulnerability in scripts/remove_worktree.sh. The script replaces forward slashes with hyphens but fails to sanitize the '..' sequence. If provided with '..' as a worktree name, the script resolves the deletion target to the repository root and executes 'rm -rf' on it after confirmation.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface (Category 8).
  1. Ingestion points: Untrusted directory names are read from the .worktrees/ directory via the list_worktrees function.
  2. Boundary markers: None. The script presents directory names to the agent/user without delimiters or warnings to ignore embedded instructions.
  3. Capability inventory: The skill can execute destructive file deletions and git administrative commands.
  4. Sanitization: The script only sanitizes path separators and does not filter the content of names for malicious instructions targeting the AI agent.
Recommendations
- AI detected serious security threats
Audit Metadata