using-git-worktrees
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill automatically executes setup and test commands such as npm install, npm test, and cargo build. This permits execution of arbitrary code if repository-defined scripts or manifests contain malicious commands.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Automated dependency installation via package managers like npm, pip, and poetry can be exploited to run malicious payloads during the build or installation phase.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill triggers the download of software packages from external registries based on local repository configuration without integrity verification.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8) exists through the ingestion of configuration preferences from CLAUDE.md. Evidence Chain: 1. Ingestion points: CLAUDE.md and project configuration files (package.json, etc.). 2. Boundary markers: Absent; instructions are parsed via direct grep and file detection. 3. Capability inventory: Execution of system commands and package managers. 4. Sanitization: None identified.
Audit Metadata