using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements logic to manage Git worktrees and automate local environment setup without any detected malicious patterns or obfuscation.
- [COMMAND_EXECUTION]: Shell commands are used to create worktrees, navigate directories, and run project tests. These commands are standard for development workflows and are used as intended within the skill's scope.
- [EXTERNAL_DOWNLOADS]: The skill triggers standard package managers (npm, pip, cargo, go) to install dependencies if manifest files are present. These operations target official package registries.
- [PROMPT_INJECTION]: The skill has an indirect injection surface as it reads configuration from `CLAUDE.md` and executes tests defined in the repository.
  - Ingestion points: Reads directory preferences from `CLAUDE.md` and uses repository-provided manifest files (SKILL.md).
  - Boundary markers: None present for data read from `CLAUDE.md` or manifest files.
  - Capability inventory: Execution of `npm install/test`, `pip install`, `cargo build/test`, `go mod/test`, and `git worktree` (SKILL.md).
  - Sanitization: Uses `basename` for project naming but lacks specific content sanitization for external data inputs.
Audit Metadata