using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for repository management and development workflows, including 'git worktree', 'git commit', and 'git check-ignore'. It also runs environment-specific build and test tools like 'npm', 'cargo', 'pip', 'poetry', and 'go'. These operations are consistent with the skill's primary purpose.
  • [EXTERNAL_DOWNLOADS]: The skill triggers remote package downloads via 'npm install', 'pip install', and other package managers to set up the workspace. These downloads target standard public registries and are expected behavior for development environment setup.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Evidence:
    1. Ingestion point: Reads preferences from 'CLAUDE.md'.
    2. Boundary markers: Absent; instructions do not specify delimiters for data read from the file.
    3. Capability inventory: Subprocess calls to git and package managers are present in the 'Creation Steps' and 'Run Project Setup' sections of SKILL.md.
    4. Sanitization: Absent; values retrieved from external files are used directly in shell command construction for paths and branch names.
    This is categorized as a low-level risk typical for agentic development tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:34 PM