using-git-worktrees

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill automatically executes setup and test commands (npm install, cargo build, pip install, npm test, pytest, go test) based on the presence of project files. Each of these runs code the repository controls: npm install runs package.json lifecycle scripts (preinstall, install, postinstall, prepare), cargo build compiles and runs build.rs, and the test runners execute the repository's own test code. A checkout containing malicious scripts in its build manifests or test suites therefore gets immediate arbitrary code execution as soon as the skill processes it.
  • REMOTE_CODE_EXECUTION (HIGH): By invoking package managers (npm, pip, poetry, go mod) on untrusted manifests, the skill may download and execute malicious code from remote registries during the installation phase. The manifests themselves can also redirect where packages come from (for example an --index-url line in requirements.txt, a .npmrc in the checkout, or git URL dependencies), so the source of the installed code is chosen by whoever wrote the repository, not by the user.
  • INDIRECT PROMPT INJECTION (HIGH): The skill exhibits a high-risk attack surface for indirect injection.
    1. Ingestion points: CLAUDE.md for directory preferences and project manifest files (package.json, requirements.txt) for command selection.
    2. Boundary markers: Absent.
    3. Capability inventory: Subprocess execution of git, npm, pip, poetry, cargo, and go.
    4. Sanitization: Absent; the skill directly translates file presence into shell execution.
  • PRIVILEGE ESCALATION (MEDIUM): The safety verification logic automatically modifies and commits .gitignore. While intended as a safety measure, this lets the agent change a project's security configuration without per-instance user confirmation.
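The findings above describe a skill that maps manifest presence straight to shell execution. The following is an added example, not code from the skill or from the audit, of the shape a hardened version would take: it derives the same commands from the same manifests but returns them as a plan instead of running them, pairs each with a variant that does not execute repository- or dependency-controlled code at install time, and flags the install-time hooks and registry redirections that the findings call out. The "safer" variants (npm install --ignore-scripts, pip install --only-binary=:all:, cargo fetch, go mod download) are this example's assumptions about what a hardened skill could substitute; they still fetch from registries, so they reduce rather than remove the exposure. The sample checkout it builds is constructed for the example.

```python
"""Added example, not the skill's own code: turn manifest presence into a
reviewable plan instead of immediate shell execution, and flag the hooks
that would run repository-controlled code during setup."""
import json
import tempfile
from pathlib import Path

# manifest -> (command the audited skill runs, variant that avoids executing
# code from the repository or its dependencies at install time). The safer
# variants are assumptions about what a hardened skill could substitute.
MANIFEST_COMMANDS = {
    "package.json": (["npm", "install"], ["npm", "install", "--ignore-scripts"]),
    "requirements.txt": (
        ["pip", "install", "-r", "requirements.txt"],
        ["pip", "install", "--only-binary=:all:", "-r", "requirements.txt"],
    ),
    "Cargo.toml": (["cargo", "build"], ["cargo", "fetch"]),
    "go.mod": (["go", "build", "./..."], ["go", "mod", "download"]),
}

# package.json scripts that npm runs automatically during install
NPM_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def install_time_hooks(root: Path) -> list[str]:
    """Return one warning per place where the setup commands would execute
    code or fetch from a location chosen by the repository author."""
    warnings = []
    pkg = root / "package.json"
    if pkg.is_file():
        try:
            scripts = json.loads(pkg.read_text()).get("scripts", {})
        except (json.JSONDecodeError, AttributeError):
            scripts = {}
        for hook in NPM_HOOKS:
            if hook in scripts:
                warnings.append(f"package.json: lifecycle script '{hook}' runs on npm install: {scripts[hook]}")
    req = root / "requirements.txt"
    if req.is_file():
        for n, line in enumerate(req.read_text().splitlines(), 1):
            s = line.strip()
            # option lines (--index-url, -e, -f) and URL requirements control where pip fetches from
            if s.startswith("-") or "://" in s:
                warnings.append(f"requirements.txt:{n}: option or URL requirement redirects pip: {s}")
    if (root / "build.rs").is_file():
        warnings.append("build.rs: cargo build compiles and runs this script")
    return warnings


def plan_setup(root: Path) -> dict:
    """Map manifest presence to commands without running anything.
    The caller decides whether to run plan['commands'] (after a user
    confirmation) or plan['safer_commands']."""
    root = Path(root)
    plan = {"commands": [], "safer_commands": [], "warnings": install_time_hooks(root)}
    for manifest, (cmd, safer) in MANIFEST_COMMANDS.items():
        if (root / manifest).is_file():
            plan["commands"].append(cmd)
            plan["safer_commands"].append(safer)
    return plan


def build_sample_repo(root: Path) -> Path:
    """Constructed sample checkout (not a real project): a postinstall hook
    and a requirements file that points pip at a different index."""
    root.mkdir(parents=True, exist_ok=True)
    (root / "package.json").write_text(json.dumps({
        "name": "sample",
        "scripts": {"postinstall": "node setup.js", "test": "jest"},
    }))
    (root / "requirements.txt").write_text(
        "requests==2.32.3\n--index-url https://mirror.example/simple\n")
    (root / "go.mod").write_text("module example.com/sample\n\ngo 1.22\n")
    return root


def demo() -> dict:
    """Build the constructed checkout in a temp dir and return its plan."""
    with tempfile.TemporaryDirectory() as tmp:
        return plan_setup(build_sample_repo(Path(tmp)))


if __name__ == "__main__":
    plan = demo()
    for w in plan["warnings"]:
        print("WARN", w)
    for cmd, safer in zip(plan["commands"], plan["safer_commands"]):
        print("would run:", " ".join(cmd), "| safer:", " ".join(safer))
```

On the constructed checkout the plan lists npm, pip and go commands, and the warnings name the postinstall script and the --index-url line; a skill built this way can show that output and require a confirmation before anything from plan["commands"] is executed, which is the per-instance confirmation the audit says is missing.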
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:39 PM