compare-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill dynamically constructs shell commands (e.g.,
diff,git diff) using user-provided paths and branch names. While the tool definition restricts execution to specific binaries, this mechanism creates a surface for reading arbitrary files or potential argument injection if the underlying agent does not properly sanitize inputs. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes untrusted data from local files.
- Ingestion points: File contents retrieved through
diffandgit diffoperations are presented to the agent. - Boundary markers: The skill uses headers like "Comparing: [path]" to separate file metadata from content, but it lacks explicit instructions for the agent to ignore any potential commands embedded within the diff output.
- Capability inventory: The skill utilizes
git,diff,ls,find,pwd, andstatusvia the Bash tool. - Sanitization: No sanitization or filtering of file content is performed before it is displayed to the agent.
Audit Metadata