skills/caidanw/skills/Git Worktree/Gen Agent Trust Hub

Git Worktree

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes bash commands including git worktree, mkdir, and basename to manipulate the local filesystem and git configuration. It is configured to alwaysAllow bash execution, which grants the agent permission to run these commands.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it interpolates the <branch> placeholder directly into shell commands without validation or boundary markers.
      ◦ Ingestion points: The <branch> variable in SKILL.md used for creation and removal operations.
      ◦ Boundary markers: None identified; the input is treated as a literal shell variable.
      ◦ Capability inventory: Commands include mkdir -p and git worktree add, which allow filesystem modification.
      ◦ Sanitization: None; the skill relies on the agent or user to provide a safe branch name string.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 02:34 AM