using-git-worktrees

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill automatically executes shell commands including git, npm, cargo, pip, poetry, and go based on the presence of project files. It also runs test suites (npm test, pytest, etc.) to verify the baseline.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Triggers dependency installation commands (npm install, pip install, etc.) that fetch third-party code from external registries. While standard for development, this allows execution of remote code contained in repository package manifests.
  • [PROMPT_INJECTION] (LOW): Indirect injection surface via CLAUDE.md.
    1. Ingestion points: CLAUDE.md (via grep for worktree preference).
    2. Boundary markers: Absent.
    3. Capability inventory: Subprocess execution (npm, cargo, pip, go, git, shell).
    4. Sanitization: Absent; uses simple pattern matching to extract configuration strings.
  • [DATA_EXFILTRATION] (SAFE): No evidence of unauthorized data transmission. Network access is limited to standard package managers and tool-specific registries.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:33 PM