using-git-worktrees

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill automatically executes setup and test commands based on files detected in the workspace, creating a significant Indirect Prompt Injection surface (Category 8).
      • Ingestion points: package.json, Cargo.toml, requirements.txt, pyproject.toml, and go.mod.
      • Boundary markers: Absent; the agent is instructed to run setup and tests immediately upon detection.
      • Capability inventory: Execution of npm install, cargo build, pip install, poetry install, go mod download, npm test, cargo test, pytest, and go test via shell.
      • Sanitization: Absent; no validation or inspection of the external configuration files is performed before execution.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill invokes various package managers that download code from external public registries (npm, PyPI, etc.) without version pinning or integrity verification in the skill logic itself, relying on untrusted project files to define those dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:33 PM