worktree
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage Git worktrees, update .gitignore files, and trigger project setup or test routines.
- [EXTERNAL_DOWNLOADS]: The skill uses standard package managers (npm, pip, poetry, go) to install dependencies defined in local repository files.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Ingestion points: CLAUDE.md, package.json, Cargo.toml, requirements.txt, pyproject.toml, and go.mod. Boundary markers: Absent. Capability inventory: Command execution via npm, pip, poetry, cargo, and go. Sanitization: No sanitization of ingested file content is performed before use in shell commands.
Audit Metadata