using-git-worktrees
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands to set up project environments and run tests based on repository content (e.g.,
npm test,cargo test,pytest,go test ./...). This allows for the execution of arbitrary code defined in the project's configuration files. - EXTERNAL_DOWNLOADS (MEDIUM): Automatically invokes package managers (
npm,pip,poetry,cargo,go) to download and install external dependencies. These operations fetch third-party code from public registries based on potentially untrusted local manifests likepackage.jsonorrequirements.txt. - INDIRECT_PROMPT_INJECTION (LOW): The skill reads from
CLAUDE.mdto determine directory preferences without sanitization or boundary markers. An attacker could potentially influence the workspace location by providing malicious path configurations inCLAUDE.md. - Ingestion points: File read of
CLAUDE.mdusinggrep. - Boundary markers: Absent; the skill trusts the extracted string for directory selection.
- Capability inventory: File system modification via
git worktree add,cd, and directory creation; code execution vianpm installand test runners. - Sanitization: None detected for the values extracted from
CLAUDE.md.
Audit Metadata