worktree-feature-execution

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts to manage Git repositories. These scripts use standard utilities like git and gh to create worktrees, branches, and PRs. Argument handling within the scripts is robust, including slugification of user-provided feature names to prevent shell injection.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes project-level configuration from AGENTS.md and project.yaml, as well as PR body content from .git/PR_BODY.md.
      • Ingestion points: AGENTS.md, project.yaml, and .git/PR_BODY.md are read to determine conventions and PR content.
      • Boundary markers: No explicit delimiters or boundary markers are used when reading these files.
      • Capability inventory: The skill can perform file system operations (mkdir), Git operations (git worktree, git branch, git rebase), and GitHub operations via the gh CLI (PR creation and merging).
      • Sanitization: Input strings used for branch naming (feature names) are sanitized using tr and sed to create safe slugs, minimizing the risk of command injection through malicious file content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 01:48 PM