worktree-parallel
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates user-provided inputs like
<slug>and<branch>directly into shell commands (e.g.,git worktree add). This creates a command injection vulnerability if the user input contains shell metacharacters such as semicolons, pipes, or backticks.\n- [REMOTE_CODE_EXECUTION]: The commandpnpm run setup-worktreeexecutes scripts defined in the repository'spackage.jsonfile. This allows for the execution of arbitrary code if the repository being worked on is malicious.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.\n - Ingestion points: User-provided feature names and repository configuration files (e.g.,
package.json).\n - Boundary markers: None present; instructions lack delimiters or warnings to ignore embedded commands in inputs.\n
- Capability inventory: Execution of Git, package manager, and editor commands.\n
- Sanitization: No validation or escaping is performed on external strings before they are used in shell commands.
Audit Metadata