using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill generates shell commands using variables like $BRANCH_NAME and $LOCATION (e.g., git worktree add "$path" -b "$BRANCH_NAME"). While variables are quoted, there is a surface for command injection if these variables are sourced from untrusted external data without strict validation.
- [EXTERNAL_DOWNLOADS] (LOW): The skill automatically triggers package installation commands (e.g., npm install, pip install, poetry install, go mod download) when specific project files are detected. This involves downloading and executing third-party code from external registries.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by reading and acting upon configuration from potentially untrusted project files like CLAUDE.md.
- Ingestion points: CLAUDE.md (via grep command), package.json, Cargo.toml, requirements.txt, and other build files.
- Boundary markers: None present in the logic to separate instructions from data.
- Capability inventory: Shell script execution, Git command execution, package management, and test runners.
- Sanitization: No explicit sanitization or validation of the input read from repository files is performed.
Audit Metadata