git-worktree

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The worktree-manager.sh script executes several shell commands and Git operations to manage the worktree lifecycle, including git worktree, git checkout, git pull, and filesystem operations like mkdir and cp.
  • [CREDENTIALS_UNSAFE]: The manager script automatically copies sensitive environment files (matching .env* patterns) from the main repository to newly created worktree paths to ensure configuration parity. This involves accessing files that typically store secrets and credentials.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions guide the agent to perform dependency installation using package managers such as npm, pip, composer, and go when manifest files are detected in a new worktree, which leads to the downloading of external code from public registries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 02:12 PM