using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies setup and test commands by reading untrusted files within the repository context.
- Ingestion points:
AGENTS.md,README.md,package.json,Makefile, and other documentation/tooling hints. - Boundary markers: None present; the agent is instructed to find and execute commands directly from these files.
- Capability inventory: The skill executes arbitrary shell commands discovered in the repo (Step 3: Run project setup, Step 4: Verify clean baseline).
- Sanitization: No sanitization or validation of the discovered commands is performed before execution.
- [Dynamic Execution] (LOW): The skill performs runtime discovery and execution of commands found in the repository. While this is the primary purpose of the skill (automating developer workflows), it creates a vector where a malicious repository could trigger harmful actions if the agent executes a 'setup' command containing malicious code. Severity is rated LOW as this behavior is core to the tool's utility as a developer assistant.
Audit Metadata