git-worktree
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The script
create_worktree.shautomatically performs project setup by runningnpm install,pip install, orflutter pub getdepending on detected files. - Evidence:
scripts/create_worktree.shlines 70-78. - Risk: These commands can execute arbitrary code defined in the repository's configuration files (e.g.,
preinstallscripts inpackage.json). If the user uses this skill on an untrusted or compromised repository, the system could be compromised during the "setup" phase. - [COMMAND_EXECUTION] (LOW): The script executes shell commands using variables derived from user input.
- Evidence:
scripts/create_worktree.shlines 50 and 70 utilize$NEW_BRANCH,$BASE_BRANCH, and$WORKTREE_PATHinside shell commands. - Risk: While the variables are double-quoted to prevent simple word splitting, highly craft input or path traversal attempts in branch names could lead to unintended file system operations or git errors.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from the local repository.
- Ingestion points:
package.json,requirements.txt, andpubspec.yamlfiles within the target repository. - Boundary markers: None present; the script blindly trusts the existence and content of these files for decision making.
- Capability inventory: Subprocess execution of
git,npm,pip, andfluttercommands. - Sanitization: No validation is performed on the content of the repository files before processing.
- [EXTERNAL_DOWNLOADS] (LOW): The skill triggers the download of external packages from public registries.
- Evidence: Execution of
npm installandpip install -r requirements.txtinscripts/create_worktree.sh.
Audit Metadata