using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates the execution of common development commands such as npm install, pip install, cargo build, and test runners like npm test and pytest. These actions are performed conditionally upon detecting relevant project files to prepare the worktree environment.
  • [EXTERNAL_DOWNLOADS]: The skill uses official package managers to download project dependencies from well-known registries (e.g., NPM, PyPI), which is required for its primary purpose of setting up development workspaces.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading configuration data from CLAUDE.md, a file within the potentially untrusted project repository.
      • Ingestion points: The skill parses CLAUDE.md using grep to find specific worktree directory preferences.
      • Boundary markers: No explicit markers are used to separate the parsed data from the agent's logic, creating a surface where repository content could influence agent decisions.
      • Capability inventory: The agent has access to the Bash and Read tools, allowing it to perform arbitrary filesystem and network operations based on instructions.
      • Sanitization: No sanitization or validation of the extracted string from CLAUDE.md is specified beyond simple keyword matching.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 02:59 AM