git-worktrees-usage
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill automatically executes package management, build, and test commands based on detected project files.
- Evidence: The skill scripts execute
npm install,cargo build,pip install,poetry install,go mod download,npm test,cargo test,pytest, andgo testautomatically upon creating a worktree. - Risk: Malicious repositories can include harmful code in install scripts (e.g.,
postinstallinpackage.json) or test suites. Because the skill triggers these automatically, it bypasses manual review of the repository's safety. - EXTERNAL_DOWNLOADS (LOW): Execution of package managers results in downloading third-party code from external registries (NPM, PyPI, etc.).
- PROMPT_INJECTION (LOW): The skill ingests untrusted data from
AGENTS.mdand project configuration files to determine its behavior. - Ingestion points:
AGENTS.md(via grep),package.json,Cargo.toml,requirements.txt,pyproject.toml,go.mod. - Boundary markers: None. The skill assumes the contents of these files are safe and intended for configuration.
- Capability inventory: Full subprocess execution for package managers and testing frameworks.
- Sanitization: None. The skill executes commands directly based on the presence of these files.
Audit Metadata