using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes environment setup and testing commands, including npm install, pip install, cargo build, poetry install, and various test runners (pytest, cargo test, etc.), after initializing a worktree. This is standard behavior for a development-focused skill, but it involves executing code determined by the contents of the repository.
- [EXTERNAL_DOWNLOADS]: The use of package managers such as npm, pip, poetry, and go involves downloading third-party dependencies from public registries.
- [PROMPT_INJECTION]: The skill parses CLAUDE.md to find worktree directory preferences. This introduces an indirect prompt injection surface where repository content can influence the agent's behavior.
- Ingestion points: Reads configuration from CLAUDE.md using grep (SKILL.md).
- Boundary markers: None identified; the tool directly searches for pattern matches in the file.
- Capability inventory: Performs git operations, file system modifications (creating directories, editing .gitignore), and executes arbitrary build/test commands (SKILL.md).
- Sanitization: None identified for the input read from the project file.
Audit Metadata