git-worktree
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to perform sensitive shell operations, including recursive directory deletion (rm -rf) and running local project scripts (npm run dev). If these commands are executed on a repository containing malicious configurations or if the agent misinterprets file paths, it can lead to data loss or arbitrary code execution.
- EXTERNAL_DOWNLOADS (HIGH): The PR review workflow includes npm install, which downloads and executes third-party packages from the NPM registry. Since the skill is designed to work with external branches (e.g., origin/feature-y), it implicitly trusts code from external sources, making it vulnerable to supply chain attacks.
- REMOTE_CODE_EXECUTION (HIGH): By combining git fetch (fetching remote code) with npm install and npm run dev (executing that code), the skill creates a direct pipeline for Remote Code Execution. An attacker could submit a PR with a malicious postinstall script or a poisoned dev script that executes when the agent follows the skill's workflow instructions.
Recommendations
- AI detected serious security threats
Audit Metadata