using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (flags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to manage git worktrees and set up development environments. This includes 'git worktree add' for isolation and 'npm install', 'pip install', 'poetry install', 'cargo build', and 'go mod download' to initialize dependencies based on project files. It also runs project-appropriate test commands such as 'npm test' and 'pytest' to verify a clean baseline.
- [PROMPT_INJECTION]: The skill reads configuration preferences from 'CLAUDE.md', which represents an indirect prompt injection surface where repository-level data can influence the agent's behavior.
  - Ingestion points: The skill uses 'grep' to search for 'worktree' preferences within the 'CLAUDE.md' file.
  - Boundary markers: No delimiters or explicit warnings are used to separate the external file content from the agent's internal logic.
  - Capability inventory: The skill possesses extensive local execution capabilities, including shell access, dependency installation, and test execution.
  - Sanitization: The output from the file read is used directly to determine directory paths without validation or sanitization.
Audit Metadata