NYC

git-worktrees

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The documentation suggests running 'npm install' to manage dependencies inside each isolated worktree. This downloads third-party code from the npm registry, a standard but external dependency risk; lockfile-respecting installs ('npm ci') limit it to the versions already pinned in the repository.
  • [COMMAND_EXECUTION] (LOW): The skill uses shell commands such as 'git worktree', 'ln -s', and 'rm -rf'. These are necessary for the workflow, but running a destructive command like 'rm -rf' on a path derived from external data (for example a worktree directory named after a branch) requires the input to be validated before it reaches the shell.
  • [PROMPT_INJECTION] (LOW): The workflow depends on external inputs such as git branch names and PR identifiers. If an agent automatically processes branches with attacker-chosen names, it could be steered into unintended command execution. Evidence:
    1. Ingestion points: git branch names and PR identifiers (SKILL.md).
    2. Boundary markers: absent from the provided agent instruction templates.
    3. Capability inventory: 'git worktree add', 'npm install', 'rm -rf' (SKILL.md).
    4. Sanitization: not explicitly mentioned in the instructions.
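The COMMAND_EXECUTION and PROMPT_INJECTION findings above share one root cause: a branch name crosses from untrusted input into a shell command and a filesystem path. The following script is an added example, not code from the audited skill, showing the check a practitioner would put at that boundary: an allowlist validator for branch names, a path mapper that keeps every worktree inside one base directory, and teardown through 'git worktree remove' rather than 'rm -rf'. The function names, the '--' separator for path components, and the base directory are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not the skill's own code): validate a branch name before it
# becomes a worktree path or a shell argument, and never 'rm -rf' a path
# computed from untrusted input.

# Allowlist validator for branch names (assumed policy, stricter than git's
# own check-ref-format on purpose so the result is also a safe path slug):
# only [A-Za-z0-9._/-], no leading '-', no '..', no leading/trailing or
# doubled '/', no component starting with '.', no '.lock' suffix.
valid_branch_name() {
  name=$1
  case "$name" in
    ''|-*|*..*|/*|*/|*//*|.*|*/.*|*.lock|*[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  return 0
}

# Map a validated branch name to a single directory directly under $base.
# '/' is replaced by '--' (assumed convention) so the slug is one path
# component and cannot escape $base. Prints the path; fails on bad names.
worktree_path() {
  base=$1
  name=$2
  valid_branch_name "$name" || return 1
  slug=$(printf '%s' "$name" | sed 's#/#--#g')
  printf '%s/%s\n' "$base" "$slug"
}

# Create the isolated worktree. '--' stops git from parsing the path or
# branch as an option even if validation were ever relaxed.
create_worktree() {
  base=$1
  branch=$2
  dir=$(worktree_path "$base" "$branch") || {
    echo "refusing branch name: $branch" >&2
    return 1
  }
  git worktree add -- "$dir" "$branch"
}

# Tear the worktree down through git, which only removes a directory it
# registered itself, instead of 'rm -rf' on a derived path.
remove_worktree() {
  base=$1
  branch=$2
  dir=$(worktree_path "$base" "$branch") || return 1
  git worktree remove -- "$dir"
  git worktree prune
}

# Usage (does nothing when called without arguments):
#   ./worktree.sh add    /path/to/worktrees feature/login-fix
#   ./worktree.sh remove /path/to/worktrees feature/login-fix
case "${1:-}" in
  add)    create_worktree "$2" "$3" ;;
  remove) remove_worktree "$2" "$3" ;;
esac
```

The validator is the sanitization step the audit notes as missing; because it rejects whitespace, ';', '$', backticks and every other shell metacharacter, a branch named to carry a command has no effect even if a later step interpolates the name into a string. For the EXTERNAL_DOWNLOADS point, running 'npm ci --ignore-scripts' inside the new worktree installs only lockfile-pinned versions without executing package lifecycle scripts, which is the conservative default for automated agents.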
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:29 PM