git-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script evaluates arbitrary shell commands from conductor.json using eval during worktree creation and archiving. This allows any repository to execute code on the host system.
  • [COMMAND_EXECUTION]: The script uses macOS osascript to automate terminal applications by injecting keystrokes and commands into new sessions.
  • [DATA_EXFILTRATION]: The skill automatically copies sensitive environment files (.env, .env.local, .dev.vars) to new directories, increasing the exposure surface of secrets.
  • [PROMPT_INJECTION]: The skill is vulnerable to malicious instructions in repository files.
    * Ingestion points: conductor.json in the repository.
    * Boundary markers: None.
    * Capability inventory: Arbitrary shell execution (eval), terminal automation (osascript), and file system manipulation.
    * Sanitization: None.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 05:04 PM