using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically invokes shell commands for dependency management including 'npm install', 'cargo build', 'pip install', 'poetry install', and 'go mod download' based on the detection of specific project manifest files.
- [COMMAND_EXECUTION]: The skill executes test runners ('npm test', 'cargo test', 'pytest', 'go test') which involves running code defined within the repository.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its interaction with repository data.
- Ingestion points: The skill parses 'CLAUDE.md' for directory preferences and identifies project types via manifest files like 'package.json' or 'Cargo.toml'.
- Boundary markers: None; the skill does not use delimiters or instructions to ignore potentially malicious content embedded in the manifest files or 'CLAUDE.md'.
- Capability inventory: The skill has the ability to write to the file system (modifying '.gitignore'), commit changes to the git history, and execute arbitrary code via package manager hooks (e.g., 'preinstall' scripts) or test files.
- Sanitization: No evidence of sanitization or validation of the input from 'CLAUDE.md' or project files before they are used to determine command execution paths.
Audit Metadata