gwt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation and does not include any executable scripts, binaries, or configuration files.
- [DATA_EXFILTRATION] (LOW): The documented feature to automatically copy `.env` files into a centralized directory (`worktrees/`) increases the exposure surface for local credentials.
- [PROMPT_INJECTION] (LOW): The skill instructions create a surface for indirect prompt injection where an agent might ingest untrusted branch names and interpolate them into bash commands. Evidence:
  1. Ingestion points: Git branch names via `gwt ls`.
  2. Boundary markers: None specified in the instructions.
  3. Capability inventory: Execution of `bash` commands including `bun install` and `gh pr create`.
  4. Sanitization: No sanitization logic is described for handling potentially malicious branch names.
Audit Metadata