using-git-worktrees
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill automatically invokes package managers like npm, pip, poetry, go, and cargo to install dependencies based on repository content, which can trigger remote downloads and execution of installation scripts.\n- [Dynamic Execution] (MEDIUM): Automatically runs test suites such as npm test, cargo test, and pytest. If the repository is malicious, these entry points can be used to execute arbitrary code via malicious test files or build configurations.\n- [Indirect Prompt Injection] (LOW): Ingests potentially untrusted instructions or preferences from project-specific files like CLAUDE.md.\n
- Ingestion points: CLAUDE.md, package.json, Cargo.toml, requirements.txt, pyproject.toml, go.mod\n
- Boundary markers: Absent\n
- Capability inventory: git, npm, pip, cargo, poetry, go, shell command execution\n
- Sanitization: Absent\n- [Data Exposure & Exfiltration] (LOW): Accesses local user configuration at ~/.config/superpowers/worktrees/ to manage workspace data.
Audit Metadata