using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands to manage Git worktrees, verify directory status, and modify .gitignore. It uses variables like $BRANCH_NAME and $path directly in shell calls without escaping.
- [EXTERNAL_DOWNLOADS]: Automatically triggers package management tools (npm, pip, poetry, cargo, go) to download and install external code based on repository configuration files.
- [REMOTE_CODE_EXECUTION]: Automatically runs project test suites (npm test, cargo test, etc.) immediately after setup. This results in the execution of code present within the repository's test files.
- [COMMAND_EXECUTION]: Vulnerable to indirect input manipulation.
  1. Ingestion points: branch names and directory paths.
  2. Boundary markers: none used to separate variables from shell commands.
  3. Capability inventory: subprocess execution for git, npm, pip, and other system tools.
  4. Sanitization: no validation or escaping is applied to inputs before execution.
Audit Metadata