worktree-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill ingests Git metadata (branch names and paths) from command output, which is a theoretical surface for indirect prompt injection. However, this is inherent to the skill's primary purpose and no specific vulnerabilities were detected.
  - Ingestion points: Output from git worktree list as described in references/listing.md.
  - Boundary markers: Absent; command output is processed without specific delimiters or instructions to ignore embedded content.
  - Capability inventory: Git worktree management (add, remove, prune), directory deletion (rmdir), and .gitignore updates via echo.
  - Sanitization: Absent; the skill relies on the agent's default handling of command arguments.
- Command Execution (SAFE): All commands (git, grep, echo, rmdir, basename) are localized to the repository and used according to best practices for Git worktree management.
Audit Metadata