Skills
skills/zhucl1006/ailesuperpowers/aile-git-worktrees/Gen Agent Trust Hub

aile-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform Git operations and manage project dependencies.
  • Evidence: The skill triggers git worktree add, npm install, cargo build, pip install -r requirements.txt, poetry install, and go mod download based on the detection of specific files in the workspace.
  • [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection through untrusted project metadata and configuration files.
  • Ingestion points: The skill reads CLAUDE.md to determine directory preferences and parses file presence for package.json, Cargo.toml, requirements.txt, pyproject.toml, and go.mod to decide which commands to execute.
  • Boundary markers: Absent. There are no delimiters or instructions to treat the content of these files as untrusted data.
  • Capability inventory: The skill has the capability to execute package managers and test runners (e.g., npm test, pytest), which can run arbitrary code defined in the project's configuration (like npm lifecycle scripts).
  • Sanitization: The skill does not perform any validation or sanitization on the contents of the project files before executing associated setup or test commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 04:19 AM