using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill automatically executes project setup and verification commands including 'npm install', 'cargo build', 'pip install', and various test runners. This behavior is the primary purpose of the skill but executes code defined within the repository's configuration files.
  • [EXTERNAL_DOWNLOADS] (LOW): The use of package managers (npm, pip, cargo, go mod) results in the download of third-party dependencies from external registries to the local system.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it reads and acts upon instructions in 'CLAUDE.md' and project manifest files to determine its execution path.
      • Ingestion points: File reads of 'CLAUDE.md', 'package.json', 'Cargo.toml', 'requirements.txt', 'pyproject.toml', and 'go.mod'.
      • Boundary markers: None. The agent interprets file content directly to decide which commands to run.
      • Capability inventory: Shell command execution for 'git', 'npm', 'pip', 'cargo', 'go', and 'poetry'.
      • Sanitization: None. The skill proceeds with command execution based on the presence of specific files without validating their contents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM