create-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script create_worktree.sh accesses and copies sensitive environment files including .env, .envrc, and various module-specific .env files to the new worktree directory. These files are known to contain secrets, and their exposure to automated scripts increases the risk of data leakage.
  • [COMMAND_EXECUTION]: The script automatically runs make setup in the new worktree directory. This enables the execution of arbitrary commands defined in the local Makefile without explicit user confirmation of the Makefile's content.
  • [PROMPT_INJECTION]: The user-provided feature-name is used directly in file system paths and git branch names without sanitization, presenting an indirect prompt injection or path traversal surface. Ingestion points: the script argument to create_worktree.sh. Boundary markers: none. Capability inventory: subprocess calls to git, cp, and make in create_worktree.sh. Sanitization: none; the input string is neither validated nor escaped.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 02:13 AM