using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard shell commands for development workflows, including git worktree add, dependency installation (npm install, pip install, poetry install, cargo build, go mod download), and test execution (npm test, cargo test, pytest, go test). These operations are consistent with the skill's purpose of setting up isolated workspaces.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes repository files to guide its behavior. This is characteristic of development automation tools and is handled within the context of project-local operations.
- Ingestion points: Reads directory preferences from CLAUDE.md and identifies project types via configuration files like package.json, Cargo.toml, and requirements.txt.
- Boundary markers: No specific delimiters are used when parsing preferences from CLAUDE.md or detecting manifest files.
- Capability inventory: The skill has the capability to execute shell commands and trigger various package managers and test suites based on file presence.
- Sanitization: The skill relies on file existence and standard tool chains; it does not explicitly sanitize the contents of the metadata files it reads before proceeding with established development commands.
Audit Metadata