parallel
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses Bash to automate git worktree management and process orchestration. It employs
tmux send-keysto programmatically control interactive terminal sessions and launch theclaudeCLI. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests a user-provided task description and interpolates it directly into prompt files for sub-agents (
prompt.md) without sanitization or boundary markers. These sub-agents possess broad capabilities including file system access and command execution. - [EXTERNAL_DOWNLOADS]: The setup procedure executes
uv pip install -e ., which may download and install Python packages from the Python Package Index (PyPI) or other remote registries based on the project configuration. - [CREDENTIALS_UNSAFE]: The automation script copies sensitive
.envfiles from the project root into multiple worktree subdirectories. While these remain within the local environment, this behavior increases the footprint of hardcoded credentials and secrets within the file system.
Audit Metadata