using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes powerful shell commands including "npm install", "cargo build", "pip install", "poetry install", and "go mod download". It also runs test suites such as "npm test", "cargo test", "pytest", and "go test". These operations are performed automatically based on the presence of specific project files, which is a standard development workflow but carries inherent risk if the project source is untrusted.
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface. It reads and acts upon data found within the project repository (specifically CLAUDE.md and various configuration files) to determine its execution path and directory structure without implementing safety delimiters or sanitization.
- Ingestion points: Reads content from "CLAUDE.md", checks for the existence of ".worktrees" and "worktrees" directories, and detects package manager manifest files.
- Boundary markers: None. The skill does not use protective delimiters when interpolating project data into shell commands.
- Capability inventory: The agent has the capability to execute subprocesses, write to the filesystem (via .gitignore modifications), and trigger network operations through standard package managers.
- Sanitization: No sanitization or validation of the configuration files or installation scripts is performed before execution.
Audit Metadata