using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage git worktrees (e.g., git worktree add, git worktree list, git worktree remove, git worktree prune), searches for configuration preferences using grep, and updates project files like .gitignore using echo.
- [EXTERNAL_DOWNLOADS]: The skill triggers the installation of external dependencies using package managers like npm, pip, poetry, and go. These tools download software from well-known registries (e.g., npmjs.com, pypi.org), which is expected behavior for developer tools but constitutes fetching external code.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection vulnerabilities because it processes untrusted data from repository files that influence shell command execution and agent behavior.
  - Ingestion points: The skill reads directory preferences from CLAUDE.md and project requirements/scripts from manifest files such as package.json, Cargo.toml, and requirements.txt.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the content of these files as untrusted or to ignore potentially malicious embedded instructions.
  - Capability inventory: The agent has the capability to execute shell commands, install packages, and run project-defined test suites (e.g., npm test).
  - Sanitization: No evidence of sanitization or validation is present to ensure that data retrieved from these project files does not contain malicious payloads targeting the shell or the agent's logic.
Audit Metadata