git-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The worktree-manager.sh script identifies and copies sensitive environment configuration files (such as .env, .env.local, and .env.test) from the main repository to each new worktree directory. This process results in the duplication of sensitive credentials, including API keys and secrets, across multiple locations on the local filesystem.
- [COMMAND_EXECUTION]: The skill relies on a bash script to perform file system and Git operations, including creating directories, copying files, and adding worktrees. These actions are triggered based on user-supplied branch names and affect the local environment and repository state.
Audit Metadata