gw-config-management
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides documentation on configuring 'post-add' hooks in '.gw/config.json' to run shell commands such as 'pnpm install' automatically when a worktree is created.
- [EXTERNAL_DOWNLOADS]: The skill is installed via npx from a GitHub repository managed by the author ('mthines') and facilitates repository cloning as part of its initialization process.
- [DATA_EXFILTRATION]: The skill instructs users on how to configure the automatic copying of local sensitive files, including '.env' files and 'secrets/' directories, between Git worktrees.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes repository-level configuration files.
  - Ingestion points: '.gw/config.json' (SKILL.md).
  - Boundary markers: None identified (SKILL.md).
  - Capability inventory: Shell command execution via 'post-add' hooks (advanced.md), file system operations for copying data (auto-copy.md).
  - Sanitization: No explicit sanitization of configuration values is described.
Audit Metadata