git-worktree
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/worktree-manager.sh` executes various Git and shell commands to manage the repository state. This includes creating and removing worktree directories, checking out branches, and managing local file system structures.
- [CREDENTIALS_UNSAFE]: The skill's `copy_env_files` function in `scripts/worktree-manager.sh` is designed to identify and copy files matching the `.env*` pattern from the main repository into newly created worktrees. As these files are standard locations for storing sensitive credentials and API keys, this behavior involves automated access to sensitive local data.
- [PROMPT_INJECTION]: The skill processes branch names provided by the user to determine the location and identity of new worktrees, which presents a surface for indirect prompt injection.
  - Ingestion points: User-provided branch names and base branch arguments passed to the `create_worktree` function in `scripts/worktree-manager.sh`.
  - Boundary markers: Absent. The script interpolates user input directly into shell commands and file paths without using specific delimiters or safety instructions.
  - Capability inventory: The script has the capability to modify the local file system (`mkdir`, `cp`, `rmdir`) and alter the Git repository structure.
  - Sanitization: The script uses standard shell quoting for variables, but does not perform content validation or sanitization on the input strings to prevent malicious naming patterns.
- [EXTERNAL_DOWNLOADS]: The `create_worktree` command performs a `git pull` from the repository's configured `origin` to synchronize the local state with the remote version.
Audit Metadata