using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes various system commands including
git worktree,npm install,cargo build,pip install, and test runners (npm test,pytest, etc.). While these are standard development operations, they represent an execution surface for project-defined scripts. - [EXTERNAL_DOWNLOADS] (LOW): Dependency installation commands (
npm install,go mod download, etc.) initiate network requests to external package registries. This is expected behavior for a project setup skill. - [Indirect Prompt Injection] (LOW): The skill reads from
CLAUDE.mdand project manifest files (package.json,Cargo.toml) to determine its behavior. An attacker controlling these files could influence the agent's actions. - Ingestion points:
CLAUDE.md(via grep), project root manifests. - Boundary markers: None specified for file content processing.
- Capability inventory: Shell execution of package managers and test suites.
- Sanitization: None; the skill relies on the presence of specific files to trigger execution paths.
Audit Metadata