dot-ai-worktree-prd
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically constructs and executes shell commands, including `git`, `ls`, `grep`, and `cd`, using variables derived from external sources.
- [COMMAND_EXECUTION]: The user-provided `[PRD_NUMBER]` is directly interpolated into a shell command (`ls prds/ | grep "^[PRD_NUMBER]-"`) without explicit shell-escaping, creating a potential command injection vector.
- [COMMAND_EXECUTION]: The skill creates directories and branches outside the current repository context (`../${repo_name}-[branch-name]`) using names generated from the content of local files (`prds/` directory).
- [COMMAND_EXECUTION]: Ingestion points: The skill processes data from the `prds/` directory and direct user input. Capability inventory: It has the ability to execute arbitrary subprocesses through the shell. Sanitization: While Step 3 provides rules for cleaning the PRD title, there are no boundary markers or strict validation to prevent a malicious PRD title from influencing the command line execution in the agent's environment.
Audit Metadata