Agent Execution with Worktree

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill employs persona-based instructions ("あなたは「カエデ」です", "You are 'Kaede'") when sending commands via TMUX. While functional, this pattern of direct persona assignment and instructional piping can be targeted by injection attacks.
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes cargo run, git worktree, and gh (GitHub CLI). These commands are necessary for the skill's primary purpose of automating code generation and repository management and are executed on the local repository context.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data (GitHub Issues) which are then acted upon by agents with code-writing capabilities.
      • Ingestion points: GitHub Issue content accessed via the --issue flag in SKILL.md.
      • Boundary markers: Absent; instructions do not include delimiters to separate untrusted issue data from the system instructions.
      • Capability inventory: The skill leverages cargo, git, and tmux to perform code builds, testing, and PR creation.
      • Sanitization: No explicit sanitization or filtering of issue content is performed before passing it to the agent workflow.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:27 PM