worktree-manager

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs various file system and repository operations using the Bash tool.
    • Evidence: Executes git worktree, git branch, git push, grep, mkdir, and gh pr create commands throughout SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it handles external repository data and user input.
    • Ingestion points: Data is ingested into the agent context via git worktree list results, .gitignore file content, and user-provided branch descriptions in SKILL.md sections 2, 3, and 5.
    • Boundary markers: Absent. There are no clear delimiters or instructions telling the agent to treat data from the repository as untrusted.
    • Capability inventory: The skill has access to the Bash, Read, and Write tools, allowing for command execution and file modification.
    • Sanitization: Absent. The instructions do not define any validation or escaping for the branch names or command outputs before they are processed or executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 12:07 PM