using-git-worktrees

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The worktree-setup script executes multiple shell commands including git worktree, mkdir, and git commit to manage the local environment. It also executes a test script located at the hardcoded path ~/.agents/bin/run-tests.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill automatically invokes package managers (npm, pip, cargo, poetry, go) to install dependencies when it detects manifest files in a repository. This involves downloading and executing third-party code from external registries based on repository contents.
  • PROMPT_INJECTION (LOW): This finding relates to the surface for Indirect Prompt Injection (Category 8).
      ◦ Ingestion points: The skill reads configuration values (worktree directory preference) from the CLAUDE.md file using grep and sed.
      ◦ Boundary markers: No explicit markers or warnings are used to isolate configuration data from script logic.
      ◦ Capability inventory: The skill can modify the file system, update .gitignore, commit to the repository, install software packages, and execute local binaries.
      ◦ Sanitization: Values extracted from CLAUDE.md are not validated for directory traversal (e.g., ../) or other malicious patterns, although shell execution uses quoted variables.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 05:59 PM