wt-status
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including `git worktree list`, `git status`, and `git log` to gather repository state. These are standard operations for the skill's primary purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the local environment and external tools.
  - Ingestion points: Branch names, commit messages (via `git log`), and database records retrieved from the `worktree_list_active` MCP tool.
  - Boundary markers: No specific delimiters or safety instructions are used to isolate external data from the agent's core logic.
  - Capability inventory: The agent has access to shell execution for git commands and MCP tool invocation.
  - Sanitization: The skill does not implement sanitization or escaping for branch names or commit descriptions before rendering them in the output.
Audit Metadata