using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill invokes package managers (`npm install`, `pip install`, `poetry install`, `go mod download`) to prepare the workspace. Although these tools download third-party code from external registries, this is standard behavior for a workspace isolation utility.
- [COMMAND_EXECUTION] (LOW): The skill executes build commands (`cargo build`) and test suites (`npm test`, `pytest`, `go test`) to verify the state of the worktree. While this involves executing code within the repository, it is required for the tool's 'Safety Verification' phase.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it reads directory preferences directly from `CLAUDE.md` without sanitization.
- Ingestion points: `CLAUDE.md`, `.gitignore` via `grep` and `ls` operations.
- Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: Full shell execution capability for git, package managers, and test runners.
- Sanitization: Absent; the skill does not validate the content of the preferences extracted from project files.
Audit Metadata