parallel-worktree-session
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to perform shell operations (such as
git worktree,cd, andclaude) using parameters derived from user-defined feature names and slugs. This creates a potential command injection vector if the feature slugs or branch names are not properly sanitized before being used in a shell context. - [PROMPT_INJECTION]: The 'Subagent mode' described in Phase 2 utilizes a
Task()tool to dispatch work to other agents. This pattern interpolates user-controlled goals and constraints directly into instructions for the subagent, creating a surface for indirect prompt injection. - Ingestion points: Feature names, branch names, goals, and acceptance criteria defined in the Phase 1 tracking table and passed to the Task tool.
- Boundary markers: No specific delimiters or safety warnings are suggested for the interpolated shell commands or task descriptions.
- Capability inventory: The skill utilizes shell execution (git, common unix utilities, claude CLI) and subagent orchestration.
- Sanitization: The skill does not provide instructions for validating or escaping user-provided strings before they are incorporated into commands or prompts.
Audit Metadata