using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill automatically executes package managers including
npm install,pip install,poetry install, andgo mod download. These commands interact with public registries to fetch and install third-party dependencies. While these actions typically carry risk, the severity is lowered to LOW as it is the primary intended purpose of the skill (environment setup).\n- [REMOTE_CODE_EXECUTION] (LOW): The automated installation of dependencies fromnpmorpipinvolves the potential execution of remote code (e.g., install scripts) on the local machine.\n- [COMMAND_EXECUTION] (LOW): The skill automatically detects and runs project-specific test commands such asnpm test,cargo test, andpytest. This involves executing arbitrary code defined within the repository's codebase.\n- [INDIRECT PROMPT INJECTION] (LOW): The skill parses configuration data fromCLAUDE.mdusinggrep. An attacker with write access to the documentation could influence the directory paths used in subsequent shell commands.\n - Ingestion points:
CLAUDE.md(via grep command).\n - Boundary markers: Absent; the preference string is used without delimiters or warnings.\n
- Capability inventory: Shell execution of
git,npm,pip,poetry,cargo, andgo.\n - Sanitization: Absent; the extracted string is used directly to construct filesystem paths.
Audit Metadata