iterm-worktree
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/worktree.pyimplements iTerm2 integration by generating AppleScript that types commands into new terminal tabs. - [COMMAND_EXECUTION]: User-controlled variables, including the branch name and task description, are directly interpolated into the command strings sent to the terminal.
- [COMMAND_EXECUTION]: The sanitization logic in
scripts/worktree.pyis incomplete. It only escapes double and single quotes in the task description but fails to sanitize the branch name or prevent shell metacharacter injection (e.g., subshell execution via$()or backticks). - [COMMAND_EXECUTION]: This creates a command injection surface. If an attacker can influence the branch name or task description (for example, through indirect prompt injection if the agent is tasked to work on a branch named after a malicious payload), they could execute arbitrary shell commands in the user's terminal environment.
Audit Metadata