worktree-setup

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE

Finding category: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Ingestion point: the skill accepts a branch name variable from the user or agent context within the SKILL.md instructions. Boundary markers: the branch name is interpolated into shell commands without delimiters or constraints. Capability inventory: the skill executes shell commands including git, mkdir, and echo. Sanitization: there is no evidence of validation or shell-escaping for the branch name, which creates a surface for command injection.
  • [COMMAND_EXECUTION]: The skill uses multiple shell commands to manage the file system and Git environment; this is the primary vector for potential injection if parameters such as {branch} are manipulated.
  • [COMMAND_EXECUTION]: The skill programmatically modifies the .gitignore file by appending the .worktrees/ directory path, demonstrating write access to repository configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 07:08 AM