skills/ashe-li/agent-skills/worktree/Gen Agent Trust Hub

worktree

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes shell commands that incorporate variables derived from the local environment and user input, such as <path>, <branch>, and <name>. In the logic for status, create, and cleanup, these variables are interpolated into commands like du -sh <path>, gh pr list --head <branch>, and git worktree remove <path>. Without explicit shell quoting or sanitization in the logic templates, there is a risk of command injection if a repository contains malicious metadata (e.g., branch names with shell metacharacters) or if the user provides crafted arguments.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the GitHub CLI (gh) to communicate with GitHub's servers to retrieve pull request status information. This network activity is restricted to a well-known, trusted service and is necessary for the skill's primary functionality of tracking PR progress.
  • [COMMAND_EXECUTION]: The skill performs file system modifications and git state changes, including the creation and deletion of worktree directories and local branches. These actions are triggered based on repository metadata and user-provided names, though they are guarded by user confirmation steps via the AskUserQuestion tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 10:12 PM