using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): Detected an attack surface where untrusted repository data can influence agent behavior. 1. Ingestion points: The skill selects workspace paths based on the existence of directories (ls) and contents of .gitignore or CLAUDE.md. 2. Boundary markers: Absent; no specific instructions prevent the agent from obeying embedded directives in these files. 3. Capability inventory: Execution of git worktree commands, npm install, pip install, and cargo build. 4. Sanitization: Absent; the skill assumes the integrity of the local project structure.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): Instructions include standard commands like npm install, pip install, and cargo build. While these involve downloading and executing external code, they are necessary for the skill's primary purpose of setting up development environments and are restricted to the user's project context.
- [Command Execution] (SAFE): Shell commands like ls, grep, and cd are used appropriately for directory orchestration and safety checks.
Audit Metadata