git-worktrees
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs multiple shell operations including git worktree management, directory listing, and running test suites. These commands are designed to create and manage isolated development environments locally.
- [EXTERNAL_DOWNLOADS]: The skill automates dependency installation via pnpm, npm, yarn, uv, and pip. These operations fetch external packages from standard registries based on the contents of local configuration files like lockfiles and requirements.txt.
- [PROMPT_INJECTION]: The skill reads project configuration from CLAUDE.md and various lockfiles, which creates a surface for indirect prompt injection if those files are maliciously modified. Ingestion points: Reads CLAUDE.md and project lockfiles (pnpm-lock.yaml, package-lock.json, yarn.lock, pyproject.toml, requirements.txt) for configuration. Boundary markers: Absent for the CLAUDE.md grep operation. Capability inventory: Executes shell commands (git, pnpm, uv, pip, turbo, echo, grep, ls) as part of its core workflow in SKILL.md. Sanitization: No explicit sanitization or validation of the content read from configuration files before processing it in the shell environment.
Audit Metadata