create-worktree-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes `SlashCommand` and `Bash` tools to automate infrastructure tasks like creating git worktrees, managing ports, and starting services. This is appropriate for a development tool but grants the agent significant control over the local environment.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it interpolates user-provided data directly into command arguments.
  - Ingestion points: The `branch-name` and `port-offset` are extracted directly from user messages (SKILL.md).
  - Boundary markers: No delimiters or safety instructions are provided to ensure the branch name is treated as a literal string rather than a command sequence.
  - Capability inventory: The agent possesses `Bash`, `SlashCommand`, and `Write` capabilities, which could be abused if the branch name contains malicious shell metacharacters.
  - Sanitization: There is no evidence of input sanitization or validation before passing the user input to the `/create_worktree_prompt` command.
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation mentions installing dependencies for server and client environments and requires `bun`. This involves downloading and executing code from external package registries, which is standard for development workflows but remains a potential vector for supply chain attacks.
Audit Metadata