worktree-manager
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the local repository, such as git commit messages, branch names, and file contents (specifically when scanning for TODO/FIXME comments). This creates an indirect prompt injection surface where malicious instructions embedded in the repository could potentially influence the agent's output or actions.
- Ingestion points: Repository metadata and file content accessed via
git status,git log, andgit diffwithinSKILL.md. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing repository data.
- Capability inventory: The skill performs shell command execution (git) and local file system reading.
- Sanitization: No sanitization or filtering of the strings retrieved from git logs or file diffs is performed before they are displayed or used in the dashboard.
Audit Metadata