git-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The worktree-manager.sh script automatically copies all .env* files from the main repository to newly created worktree directories. These files commonly contain sensitive information such as API keys, authentication tokens, and database credentials, and duplicating them increases the local exposure surface.
  • [COMMAND_EXECUTION]: The skill executes shell commands (via git, mkdir, and cp) using variables such as branch_name that come directly from user input. Because these values are not validated before being passed to the commands, they form an indirect prompt injection surface: an agent-supplied argument could alter how the commands behave.
  • Ingestion points: branch_name and from_branch arguments in scripts/worktree-manager.sh.
  • Boundary markers: None present to separate untrusted inputs from executable command strings.
  • Capability inventory: Extensive filesystem operations and git subcommands.
  • Sanitization: User inputs are quoted in the script, which prevents shell word splitting, but they are not validated, so a value that git or cp would parse as a command-line option, or another injection vector, is not rejected.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 09:15 AM