worktree-coordination
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads from a shared registry (.claude/coordination/registry.json) which may contain instructions from other users.
  1. Ingestion points: registry.json (fields: task, decision, rationale).
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Read, Grep, Glob.
  4. Sanitization: None.
- Command Execution (SAFE): The skill invokes local Git-related helper scripts in the bin directory, which is standard for workflow automation.
Audit Metadata