using-git-worktrees

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill automatically executes shell commands (e.g., npm install, cargo build, pip install) based on files detected in the repository root. This allows a malicious repository to achieve code execution on the user's machine during the automated setup process.
  • REMOTE_CODE_EXECUTION (HIGH): Package managers like npm, pip, and poetry are used to download and execute code from remote registries. If a target repository contains malicious dependency manifests, the agent will facilitate remote code execution.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it blindly trusts repository content.
      1. Ingestion points: AGENTS.md, package.json, Cargo.toml, requirements.txt, pyproject.toml, go.mod.
      2. Boundary markers: None.
      3. Capability inventory: git worktree add, npm install/test, cargo build/test, pip install, poetry install, pytest, go mod download/test.
      4. Sanitization: None.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:53 AM