worktree-kit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes Git commands using user-provided input, but implements multiple layers of protection.
- Input Validation: The script uses
git check-ref-format --branchto validate names and bases, ensuring they conform to Git standards and preventing shell injection or command flag injection. - Path Safety: The
assert_safe_worktree_pathandassert_worktrees_dirfunctions check every component of a target path to ensure it is not a symbolic link, preventing attackers from using symlinks to write files or delete directories outside of the intended.worktrees/directory. - Flag Injection Prevention: The script consistently uses the
--separator in Git commands (e.g.,git worktree add -- "$target" "$name") to ensure that user-provided names are treated as positional arguments rather than command-line options. - Safe File Handling: The
copy_envfunction copies environment files (.env*) using thecp -n(no-clobber) flag, preventing accidental overwriting of existing configuration. It also explicitly skips symbolic links to avoid copying files from outside the repository root. - Interactive Safety: The
cleanupcommand requires explicit user confirmation before performing deletions and uses standardgit worktree removewithout the--forceflag, minimizing the risk of accidental data loss.
Audit Metadata