worktrees
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill automates the copying of sensitive environment files (
.env*) from the root directory into worktree subdirectories. This practice increases the attack surface for credentials and may lead to accidental exposure if these directories are not properly ignored by version control. - [COMMAND_EXECUTION] (MEDIUM): Branch names provided by the user or the agent are interpolated directly into shell commands like
git worktree add .worktrees/<branch-name>. Without strict validation or escaping, this presents a shell injection vulnerability where a malicious branch name could execute arbitrary commands. - [REMOTE_CODE_EXECUTION] (MEDIUM): The skill triggers the execution of project-specific files such as
./tailwindcssand./watch.sh, as well asmaketargets. If an agent uses this skill on a compromised or malicious repository, it will execute these potentially harmful binaries or scripts with local privileges. - [EXTERNAL_DOWNLOADS] (LOW): The workflow includes a step to download external binaries (e.g.,
make tailwindcss). While standard for development, this introduces a dependency on the integrity of the project's build system and the external hosting providers it uses.
Audit Metadata