flow-next-worktree-kit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The bash script implements git worktree management with several layers of security:
- Input Sanitization: User-provided branch names and base references are strictly validated using
git check-ref-formatandgit rev-parse, which effectively neutralizes shell injection and directory traversal risks. - Path Safety: The script verifies that the
.worktreesdirectory and all target paths are not symlinks, preventing attackers from tricking the tool into modifying files outside the repository. - Command Integrity: All git commands use the
--delimiter to ensure that user inputs are never interpreted as command-line flags. - [DATA_EXFILTRATION] (SAFE): The skill includes a
copy-envcommand that transfers.envfiles to new worktrees. This access to sensitive files is limited to the local filesystem within the same project boundary, is explicitly stated as a feature, and includes protections against following symlinks to unintended locations. There is no evidence of external data transmission. - [EXTERNAL_DOWNLOADS] (SAFE): The script performs a
git fetchfrom theoriginremote. This is a standard and expected operation for a git-based developer tool and does not involve downloading untrusted executable code.
Audit Metadata