git-worktrees

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected in the slash command template.
  • Ingestion points: The template in references/slash_command_template.md uses args.0 and args.1 (user-provided branch names) as direct inputs for shell script generation.
  • Boundary markers: Absent. The template directly places arguments into shell variable assignments.
  • Capability inventory: The generated scripts execute git worktree and git branch commands.
  • Sanitization: While the standalone scripts/create_worktree.sh uses sed 's/[^a-z0-9-]//g' for sanitization, the simplified command template provided in the markdown reference lacks this protection, creating a risk if the agent copies the template exactly for use with untrusted user input.
  • [COMMAND_EXECUTION] (SAFE): The provided shell scripts perform various git operations and file system deletions (rm -rf). These are legitimate for the skill's purpose and include interactive confirmations and input validation (e.g., regex checks for numeric selections in cleanup_worktrees.sh) to prevent accidental or malicious misuse.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:44 PM