rlm-worktree
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several Git commands to create isolated workspaces and feature branches, facilitating parallel development and protecting the main branch from accidental commits.
- [EXTERNAL_DOWNLOADS]: It automates the installation of project dependencies using well-known package managers (npm, pip, cargo, poetry, go, mvn, dotnet, gradlew) which fetch code from official repositories based on local manifest files.
- [COMMAND_EXECUTION]: The skill automatically identifies and runs test suites using tools like pytest or npm test to verify a clean baseline in newly created worktrees.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: 1. Ingestion points: Reads configuration preferences from CLAUDE.md and project metadata from manifests like package.json or requirements.txt. 2. Boundary markers: No explicit delimiters or instructions are used to separate ingested data from agent instructions. 3. Capability inventory: High capability to execute shell commands and build tools. 4. Sanitization: No sanitization logic is evident for variable interpolation (e.g., run_id) or values extracted from external files.
Audit Metadata