worktree
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script at
.claude/scripts/worktree.cjsusing the Node.js runtime. This script handles Git worktree creation, repository analysis, and environment file management. - [DATA_EXPOSURE]: The skill identifies and processes environment files (
.env*). This behavior is aligned with the skill's primary purpose of setting up development environments. The workflow requires explicit user confirmation via a multi-select question before any environment files are copied to new locations. - [PROMPT_INJECTION]: The skill contains meta-instructions directing the AI to use specific task-planning tools (
TaskCreate) and to maintain a skeptical, analytical posture. These are used for workflow optimization and do not attempt to bypass safety filters or override system-level constraints.
Audit Metadata