using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage Git worktrees (git worktree add), check directory existence (ls -d), and perform repository maintenance (git check-ignore, git commit). It also dynamically constructs file paths from variables like $LOCATION, $project, and $BRANCH_NAME without explicit sanitization.
- [EXTERNAL_DOWNLOADS]: Automated setup logic executes package managers (npm install, pip install, poetry install, go mod download) based on detected project files, which results in downloading third-party code from external registries.
- [REMOTE_CODE_EXECUTION]: The skill runs project-specific test suites (npm test, pytest, cargo test, go test), which involves executing code residing in the local repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Reads worktree directory preferences from CLAUDE.md and uses branch names provided in the execution context.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present when processing data from CLAUDE.md or git outputs.
  - Capability inventory: File system access, repository modification, and the ability to execute arbitrary code through package managers and test runners (found in references/creation-steps.md).
  - Sanitization: Lacks explicit validation or escaping of input variables ($LOCATION, $BRANCH_NAME) before they are interpolated into shell command strings.
Audit Metadata