worktree-ux-pr

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/upload-catbox.sh uses curl to upload local files to https://catbox.moe/user/api.php. This provides a direct path for data exfiltration of sensitive information (such as credentials or private keys) if the input file path is directed away from the intended screenshots.
  • [COMMAND_EXECUTION]: Multiple scripts perform operations that modify the local environment or repository state. scripts/rebase-worktrees.sh executes git push --force-with-lease, while scripts/start-headless.sh starts a local dev server with the --allow-external flag, which can expose local services to the external network.
  • [EXTERNAL_DOWNLOADS]: The script scripts/start-ui.sh executes pnpm install, which downloads and installs external dependencies from the public npm registry.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 02:01 PM