ephemeral-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local git commands for branch and worktree management, including creating and removing ephemeral worktrees. It also provides examples for running project test suites using standard runners like npm or pytest to verify changes within the isolated directory.
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection because it processes repository files to implement features or fixes. Mandatory evidence:
  1. Ingestion points: Local repository files being modified.
  2. Boundary markers: None.
  3. Capability inventory: Local git operations and project test execution.
  4. Sanitization: Not explicitly implemented.

  This risk is assessed as low due to the isolated nature of the worktree and the requirement for developer review.
- [SAFE]: The primary function of this skill is to enhance safety and workspace integrity by ensuring all agent modifications occur in an isolated environment that can be easily reviewed or discarded without impacting the primary development branch.