using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a wide variety of shell commands including git, npm, pip, poetry, go, cargo, and bundle. These are used for workflow management, dependency installation, and running tests.
- [EXTERNAL_DOWNLOADS]: Automatically triggers dependency downloads via package managers when indicator files are detected. These downloads occur from official registries such as NPM and PyPI, which are well-known services.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface (Category 8) because it automatically executes commands based on the content of files found in the repository.
- Ingestion points: Project configuration and lock files (e.g., package.json, requirements.txt, Cargo.toml) analyzed in Phase 4 of SKILL.md.
- Boundary markers: Absent; the skill does not wrap file contents or warn the agent about potential instructions inside these files.
- Capability inventory: The skill allows execution of installation scripts, build commands, and test suites across multiple ecosystems in Phase 4 and Phase 5.
- Sanitization: Absent; the skill does not specify validation or sanitization of the detected configuration files before execution.
Audit Metadata