wt-cleanup

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using 'git' and 'gh' to manage repository state and delete local files (worktrees). While this is the intended functionality of a cleanup tool, it requires write access to the repository and the ability to close pull requests.
  • [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface (Category 8) by processing external data.
      • Ingestion points: Data enters the agent context via 'git worktree list' and 'gh pr list' outputs, specifically branch names and PR numbers.
      • Boundary markers: No explicit delimiters or boundary markers are defined to separate these potentially untrusted strings from command templates.
      • Capability inventory: The skill has the capability to delete local directories, delete git branches, and modify remote GitHub PR states.
      • Sanitization: There is no mention of sanitization or validation of the branch names or PR identifiers before they are interpolated into commands such as 'gh pr close {number}'.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 09:46 PM