iterm-worktree

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/worktree.py implements iTerm2 integration by generating AppleScript that types commands into new terminal tabs.
  • [COMMAND_EXECUTION]: User-controlled variables, including the branch name and task description, are directly interpolated into the command strings sent to the terminal.
  • [COMMAND_EXECUTION]: The sanitization logic in scripts/worktree.py is incomplete. It only escapes double and single quotes in the task description but fails to sanitize the branch name or prevent shell metacharacter injection (e.g., subshell execution via $() or backticks).
  • [COMMAND_EXECUTION]: This creates a command injection surface. If an attacker can influence the branch name or task description (for example, through indirect prompt injection if the agent is tasked to work on a branch named after a malicious payload), they could execute arbitrary shell commands in the user's terminal environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 12:10 PM
Security Audit — agent-trust-hub — iterm-worktree