rlm-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs git operations including worktree creation and branch verification, as well as executing project-specific build and test commands. These actions are limited to standard development tasks within the local repository context.
- [EXTERNAL_DOWNLOADS]: The skill automatically invokes package managers (npm, pip, cargo, etc.) to install project dependencies. This behavior is standard for development tools and is triggered by the presence of local project manifest files.
- [REMOTE_CODE_EXECUTION]: The skill executes package installation and test suites, which can involve running code defined in project metadata (e.g., npm install scripts). This is a core function of the skill's purpose for project setup.
- [PROMPT_INJECTION]: The skill reads project configuration files like CLAUDE.md to detect user preferences. This represents an indirect prompt injection surface.
- Ingestion points: CLAUDE.md, package.json, Cargo.toml, requirements.txt, pyproject.toml, go.mod, pom.xml, build.gradle, and .NET manifest files.
- Boundary markers: None present.
- Capability inventory: File system access, git operations, package manager execution, and test execution.
- Sanitization: No explicit content validation; triggers are based on standard file identification patterns.
Audit Metadata