using-git-worktrees

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill triggers automatic code execution via npm install, pip install, and various test runners (npm test, pytest, etc.) when it detects manifest files. This constitutes a severe RCE risk if the repository contains malicious scripts in these lifecycle hooks.
  • PROMPT_INJECTION (HIGH): Vulnerability surface for indirect injection (Category 8) detected. 1. Ingestion points: CLAUDE.md, package.json, requirements.txt, Cargo.toml. 2. Boundary markers: None. 3. Capability inventory: subprocess execution of package managers and test runners, file modification (.gitignore), and git commits. 4. Sanitization: None. This surface allows a malicious project to execute code or influence agent paths through repository data.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill initiates network requests to public package registries (npm, PyPI, etc.) based on untrusted manifest files in the workspace, creating an opening for dependency-based attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:58 PM