using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage Git worktrees and set up project environments.
  - It constructs commands using variables like `$BRANCH_NAME` and `$LOCATION`, which are derived from repository metadata or user input.
  - It automatically runs environment-specific setup commands (`npm install`, `cargo build`, `pip install`, `poetry install`, `go mod download`) and test runners (`npm test`, `cargo test`, `pytest`, `go test`).
- [EXTERNAL_DOWNLOADS]: The skill automates the download and installation of external dependencies through standard package managers when project-specific configuration files are detected.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via malicious repository content.
  - Ingestion points: The agent reads and reacts to files present in the repository, including `package.json`, `Cargo.toml`, `requirements.txt`, `pyproject.toml`, and `go.mod`, as well as branch names.
  - Boundary markers: None are specified to prevent the agent from interpreting instructions embedded in these files.
  - Capability inventory: The skill has the ability to execute shell commands, install software packages, and run arbitrary test code provided by the repository.
  - Sanitization: There is no evidence of sanitizing the content of project files or branch names before they are used in shell command interpolation.
Audit Metadata