using-git-worktrees
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill contains logic to automatically detect project types and run installation commands (`npm install`, `pip install`, `poetry install`, `go mod download`) and test suites (`npm test`, `cargo test`, `pytest`, `go test`). These commands execute scripts defined within the repository's manifest files (e.g., `package.json` hooks or test files), which could contain malicious code provided by an untrusted source.
- [COMMAND_EXECUTION] (HIGH): Arbitrary shell commands are constructed and executed based on the state of the local filesystem and the contents of `CLAUDE.md`. The skill lacks a human-in-the-loop verification step before running these potentially destructive or malicious setup scripts.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill reads directory preferences from `CLAUDE.md` and detects project structure from `package.json`, `requirements.txt`, and other manifests.
  - Boundary markers: Absent. The agent implicitly trusts the instructions and configurations found in these external files.
  - Capability inventory: The skill possesses extensive execution capabilities, including subprocess spawning for package managers and test runners, as well as filesystem modification (`git worktree add`, `.gitignore` updates).
  - Sanitization: Absent. There is no validation of the scripts or paths defined in the repository's configuration files before execution.
Recommendations
- AI detected serious security threats
Audit Metadata