git-worktree-agent-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard CLI tools including git for worktree and branch management, npm for testing and dependency installation, and gh (GitHub CLI) for pull request creation. These commands are used for their intended administrative and development purposes.
- [EXTERNAL_DOWNLOADS]: Includes instructions for git fetch and npm install, which download data from GitHub and the npm registry respectively. These are well-known, trusted services within the software development ecosystem.
- [PROMPT_INJECTION]: The orchestration workflow involves passing external data (issue titles and descriptions) to subagents, creating a surface for indirect prompt injection.
- Ingestion points: Subagent templates in SKILL.md (Step 3) incorporate {issue title} and {issue description} placeholders.
- Boundary markers: The skill uses markdown headers and bold formatting to structure the subagent prompt, though it does not include explicit instructions for the agent to ignore commands within the interpolated text.
- Capability inventory: Subagents are directed to use tool capabilities for filesystem modification and test execution (npm test).
- Sanitization: No explicit sanitization or filtering of the ingested issue content is defined in the workflow.
Audit Metadata