using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations including `git worktree`, `npm install`, `cargo build`, `pip install`, `poetry install`, and `go test`. It also modifies and commits changes to the project's .gitignore file (SKILL.md).
- [EXTERNAL_DOWNLOADS]: The skill automatically initiates network requests via package managers (npm, pip, poetry, go) to install dependencies when configuration files are detected (SKILL.md).
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its configuration discovery logic.
  - Ingestion points: Reading directory preference strings from `CLAUDE.md` using `grep` (SKILL.md).
  - Boundary markers: There are no delimiters or instructions to ignore instructions found within `CLAUDE.md` (SKILL.md).
  - Capability inventory: The skill can execute shell commands, write to the file system, and access the network via build tools (SKILL.md).
  - Sanitization: The skill lacks validation or sanitization of the strings retrieved from `CLAUDE.md` before they are used in path construction for shell execution (SKILL.md).
Audit Metadata