git-worktree-manager
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides bash scripts (setup-worktree.sh and cleanup-worktrees.sh) that execute shell commands like git worktree, sed, cp, and lsof to automate workspace management.
- [DATA_EXFILTRATION]: The setup script copies sensitive configuration files (.env, .env.local, .env.development) from the main repository into each newly created worktree directory. The copy is local, but it duplicates credential-bearing files into every worktree the script creates, and whether they stay out of version control in a worktree depends on the .gitignore of whichever branch is checked out there.
- [EXTERNAL_DOWNLOADS]: During worktree setup the skill automatically runs a dependency install with whichever package manager matches the lockfile it finds (npm, pnpm, yarn, pip or go). The install fetches code from the network, and npm and yarn also run any install lifecycle scripts the fetched packages declare, all with the privileges of the user running the skill.
- [PROMPT_INJECTION]: The skill takes branch names as input and uses them to build filesystem paths and file content, so a branch name chosen by someone else (for example the head branch of an external pull request) is an indirect injection surface. Ingestion point: the BRANCH variable in setup-worktree.sh. Boundary markers: none. Capability inventory: git worktree add, cat, sed, pnpm install. Sanitization: the directory name is derived from the branch name with sed and tr; no other validation of the branch name is listed, and if the name is substituted into file content with sed, characters such as / or & in it change the meaning of the expression.
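The following is an added example, not code from the git-worktree-manager skill, of how a setup script can validate a branch name before deriving a worktree path from it. It rejects names git itself refuses (rules taken from git-check-ref-format) plus a leading dash, whitespace and control characters, and only then maps `/` to `-` for the directory name. The variable WORKTREE_ROOT and the function names are assumptions for the example; the real scripts' layout is not shown on this page.

```shell
#!/bin/sh
# Added example, not the skill's own script: derive a worktree directory from
# a branch name and refuse names that could escape the worktree root or be
# parsed as options. WORKTREE_ROOT is an assumed default for the example.

WORKTREE_ROOT="${WORKTREE_ROOT:-/tmp/worktrees}"

# Reject names git-check-ref-format would reject for a branch, plus a leading
# '-' (an option to most tools), whitespace and control characters.
# The name is validated, not cleaned: an unsafe name fails instead of being
# silently rewritten into something that looks safe.
branch_name_ok() {
    b="$1"
    [ -n "$b" ] || return 1
    case "$b" in
        -*|.*|*/.*|*..*|*//*|*/|*.|*.lock|*.lock/*) return 1 ;;
        *'@{'*|*'\'*|*'~'*|*'^'*|*':'*|*'?'*|*'*'*|*'['*|*' '*) return 1 ;;
    esac
    # any control character (tab, newline, escape, ...) is rejected
    [ "$(printf '%s' "$b" | tr -d '[:cntrl:]')" = "$b" ] || return 1
    return 0
}

# Directory name: only '/' is rewritten (to '-'); everything else has passed
# the allow-list above, so the result is a single path component.
worktree_dirname() {
    branch_name_ok "$1" || return 1
    printf '%s\n' "$1" | tr '/' '-'
}

# Full path under WORKTREE_ROOT, or exit status 1 for an unsafe branch name.
worktree_path() {
    name=$(worktree_dirname "$1") || return 1
    printf '%s/%s\n' "$WORKTREE_ROOT" "$name"
}

# Usage in a setup script (git is not invoked in this example):
#   path=$(worktree_path "$BRANCH") || { echo "refusing branch: $BRANCH" >&2; exit 1; }
#   git worktree add -- "$path" "$BRANCH"

# Demo over a few constructed branch names.
for b in "feature/login-page" "release/1.2" "../../etc/cron.d" "-rf" "main ; rm -rf /" "x/.hidden"; do
    if p=$(worktree_path "$b"); then
        printf 'ok      %-22s -> %s\n' "$b" "$p"
    else
        printf 'reject  %s\n' "$b"
    fi
done
```

Passing `--` to `git worktree add` is what stops a surviving leading dash from being read as an option; the allow-list rejects such names anyway, so the two measures back each other up.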
Audit Metadata