git-worktree
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute a local bash script `scripts/worktree-manager.sh` which is not included in the provided files. This makes the execution logic opaque and prevents verification of how user-supplied inputs (like branch names) are handled.
- [DATA_EXFILTRATION] (LOW): The skill specifically automates the copying of `.env` files. Since these files typically contain sensitive API keys and credentials, their management through an unprovided and unverified script is a risk factor.
- [PROMPT_INJECTION] (LOW): (Category 8 Evidence Chain)
  1. Ingestion points: The skill accepts `branch-name` and `source-branch` as untrusted inputs from the user.
  2. Boundary markers: None are present in the provided documentation to prevent argument injection.
  3. Capability inventory: The skill has the capability to execute shell scripts via the `bash` command.
  4. Sanitization: Sanitization cannot be verified because the execution script `scripts/worktree-manager.sh` is missing from the skill payload.
Audit Metadata