using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes repository-defined commands such as `npm install`, `cargo build`, `pip install`, and various test runners (`npm test`, `pytest`, etc.). While this involves executing local code from the project, it is the intended primary purpose of the skill to set up and verify the workspace.
- [EXTERNAL_DOWNLOADS] (LOW): The use of package managers (`npm`, `pip`, `poetry`, `cargo`, `go mod`) results in downloading external dependencies from public registries. This is a standard part of the development workflow facilitated by the skill.
- [PROMPT_INJECTION] (LOW): The skill performs indirect ingestion of untrusted data by reading configuration preferences from `CLAUDE.md`.
  - Ingestion points: Reads `CLAUDE.md` using `grep` to find worktree directory preferences.
  - Boundary markers: None; the skill assumes the content of `CLAUDE.md` is valid configuration.
  - Capability inventory: Can execute shell commands, install packages, and write to `.gitignore`.
  - Sanitization: None; the path extracted from `CLAUDE.md` is used in a shell `case` statement and for directory path construction.
Audit Metadata