using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill triggers automated build and test suites (e.g.,
npm test,pytest,cargo test). This executes code present in the local project repository. While intended for baseline verification, it serves as an execution vector for potentially malicious content within a repository. - EXTERNAL_DOWNLOADS (LOW): Uses standard package managers (
npm install,pip install,poetry install,go mod download) to fetch external dependencies. This is a standard operation but involves downloading and potentially executing third-party code from public registries. - PROMPT_INJECTION (LOW): The skill ingests configuration strings from
CLAUDE.md. An attacker who can modify this file could influence the agent's file system operations by providing malicious directory paths. - Ingestion points:
CLAUDE.md(processed via grep) - Boundary markers: Absent (The skill searches for strings without validating source or context)
- Capability inventory: Shell execution (
git,npm,pip,cargo,go), directory creation, and file modification (.gitignore) - Sanitization: None detected
Audit Metadata