worktree-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool to execute git commands, including 'git worktree remove' and 'git branch -d'. This provides a surface for command execution on the host system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the way it handles branch names. * Ingestion points: The '{branch}' variable is sourced from user input or the environment in SKILL.md. * Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the '{branch}' variable. * Capability inventory: The skill has the capability to delete files and directories via git tools. * Sanitization: No validation or escaping is applied to the '{branch}' variable, allowing potential shell metacharacters (e.g., semicolons or pipes) to trigger unintended command execution.
Audit Metadata