using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development commands such as
bundle install,npm install,cargo build, andpip installto set up the project environment. It also runs test suites usingbin/rails test,npm test,cargo test,pytest, andgo testto establish a clean baseline. - [EXTERNAL_DOWNLOADS]: The skill uses established package managers (npm, pip, bundle, poetry, cargo, go) to download project dependencies from their respective official registries. These operations are standard for development workflows and triggered by the presence of project configuration files like
package.jsonorGemfile. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads project configuration files and Git metadata to determine the project name and structure. It also offers to store worktrees in a global directory (
~/.config/superpowers/worktrees/), which involves standard filesystem access consistent with the skill's documented purpose of workspace isolation.
Audit Metadata