using-git-worktrees
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill automatically executes shell commands for dependency management (npm install, cargo build, pip install, poetry install, go mod download) and testing (npm test, cargo test, pytest, go test). These commands can execute arbitrary scripts defined within the project configuration files (e.g., preinstall or test scripts in package.json).
- [EXTERNAL_DOWNLOADS] (MEDIUM): Automated dependency installation triggers downloads from external package registries (npm, PyPI, Crates.io, Go Proxy).
- [DATA_EXFILTRATION] (SAFE): No commands detected that exfiltrate sensitive data.
- [INDIRECT_PROMPT_INJECTION] (LOW): Ingestion points: Reads project-level files like CLAUDE.md and configuration files (package.json, etc.) to determine behavior. Boundary markers: Absent. Capability inventory: Significant; includes filesystem modification, git commits, network-enabled package managers, and arbitrary test execution. Sanitization: Absent; variables like $LOCATION and $BRANCH_NAME are used directly in shell commands without explicit validation.
- [DYNAMIC_EXECUTION] (MEDIUM): Constructing and executing shell commands based on file discovery and variable interpolation (git worktree add $path -b $BRANCH_NAME).
Audit Metadata