using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill automatically invokes package managers (npm, pip, poetry, cargo, go) to download and install dependencies. This is a standard development workflow but relies on the integrity of external registries and project manifest files.
- COMMAND_EXECUTION (LOW): The skill automatically runs project test suites (npm test, pytest, etc.) to verify baseline cleanliness. This executes code defined within the repository, which could be malicious if the repository itself is untrusted.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted project files to drive its execution logic. Evidence: (1) Ingestion points: package.json, Cargo.toml, requirements.txt, go.mod in the project root. (2) Boundary markers: None. (3) Capability inventory: Executes subprocesses for install and test commands. (4) Sanitization: None.