worktree-guide
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and workflow template for Git worktrees, Ghostty, and Lazygit. It contains standard shell commands for environment detection and Git management.
- [COMMAND_EXECUTION]: The skill uses basic shell commands like
git rev-parse,git worktree list, andpwdto detect the user's environment. These are non-destructive and relevant to the stated purpose of the skill. - [INDIRECT_PROMPT_INJECTION]: There is a minimal attack surface where the skill reads local environment data (current directory and git status). While this data could theoretically be manipulated by a malicious repository (e.g., malicious branch names), the risk is negligible as the skill only uses this information for contextual guidance.
- [NO_CODE]: No external scripts, binaries, or package installations are performed. The skill relies entirely on pre-existing tools on the user's system.
Audit Metadata