using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes multiple shell commands including `git worktree`, `npm install`, `cargo build`, and `pip install`. While these commands execute code, they are standard for the primary purpose of workspace initialization.
- [EXTERNAL_DOWNLOADS] (SAFE): Invokes package managers (`npm`, `pip`, `poetry`, `go mod`) which download external dependencies. This is expected behavior for setting up a development environment.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The skill reads user preferences from a local file named `CLAUDE.md` using `grep` to determine directory locations.
  - Boundary markers: No specific boundary markers are used when reading from `CLAUDE.md`.
  - Capability inventory: The skill can execute arbitrary code via package manager installation scripts and test runners (`npm test`, `pytest`, etc.).
  - Sanitization: The skill employs a `case` statement to validate the extracted `LOCATION` variable, ensuring it matches expected patterns (`.worktrees`, `worktrees`, or a specific global path) before using it in path construction.
Audit Metadata