using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill automatically executes project-specific build and test commands (e.g.,
npm install,npm test,cargo build,pytest,go test). This is standard for development automation but means the agent will execute code defined in the project's configuration files. - [EXTERNAL_DOWNLOADS] (LOW): The use of package managers like
npm,pip,poetry, andgotriggers downloads from external registries. Per [TRUST-SCOPE-RULE], these are considered low risk as they target trusted standard registries, but the packages themselves are defined by the untrusted project files. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from
CLAUDE.mdto determine directory preferences. - Ingestion points:
CLAUDE.mdviagrep. - Boundary markers: None used during the grep operation.
- Capability inventory: File system access, command execution (npm/pip/git).
- Sanitization: The skill uses a
casestatement to validate the$LOCATIONvariable against a whitelist of allowed paths (.worktrees,worktrees, or a specific global path), which significantly mitigates path traversal or injection risks from theCLAUDE.mdinput. - [DATA_EXFILTRATION] (SAFE): The skill includes an explicit 'Safety Verification' step that uses
git check-ignoreto ensure isolated worktrees are not accidentally tracked or committed to the repository, which is a security best practice for data leakage prevention.
Audit Metadata