managing-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Git commands, including 'git worktree add' and 'git worktree remove', which involve creating and deleting directories on the file system.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it interpolates user-supplied strings directly into shell command arguments.
  - Ingestion points: Untrusted data enters the agent context through user requests specifying branch names, worktree locations, and PR identifiers (SKILL.md).
  - Boundary markers: The skill does not define delimiters or provide instructions to ignore embedded commands within user-provided data.
  - Capability inventory: The skill enables file system modifications and branch management using 'git worktree' and 'git branch' via the Bash tool (SKILL.md).
  - Sanitization: No input validation, escaping, or filtering mechanisms for user-provided data are specified in the skill body.