Worktree Feature Development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): Shell commands are constructed using direct interpolation of user-provided strings.
  - Evidence: In SKILL.md, the `FEATURE_NAME` variable is assigned from user input and used within a `git worktree add` bash command.
  - Risk: Malicious input containing shell metacharacters (e.g., semicolons, backticks) could lead to unintended command execution.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles untrusted data without sanitization, creating a risk surface for downstream injection.
  - Ingestion points: User-provided feature name in SKILL.md.
  - Boundary markers: Absent; user input is interpolated directly into command strings without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Git repository management (worktree, branch, rev-parse) and file system navigation (cd).
  - Sanitization: Absent; there is no validation or escaping of the input string before it is used to construct executable commands.
Audit Metadata