daft-worktree-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The configuration file daft.yml includes commands to download setup scripts from raw.githubusercontent.com/Homebrew and mise.run. These are well-known and trusted sources for developer tools.
- [COMMAND_EXECUTION]: The skill uses a hooks system to execute shell commands. This is a core feature of the tool and is protected by a trust-based security model (daft hooks trust) that prevents execution in untrusted repositories.
- [REMOTE_CODE_EXECUTION]: Examples within the repository demonstrate installing tools using the curl | sh pattern. Because these point to established and trusted service domains, they are considered standard bootstrap procedures rather than malicious activity.
Audit Metadata