parallel-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes various git and GitHub CLI (gh) commands to manage the lifecycle of parallel workspaces, branches, and pull requests.
- [EXTERNAL_DOWNLOADS]: The skill installation instructions use npx to fetch the package from the author's codervisor/forge repository.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through external pull request metadata. The skill uses the GitHub CLI to read content (titles, bodies, and comments) that can be controlled by third-party contributors.
  - Ingestion points: Pull request content accessed via gh pr view, gh pr status, and gh pr list as described in references/github-pr-sync.md.
  - Boundary markers: No delimiters or safety instructions are defined to separate untrusted PR data from agent commands.
  - Capability inventory: Execution of shell commands (git, gh, npx), file system management (worktree creation/removal), and synchronization with remote repositories.
  - Sanitization: No sanitization or validation of data retrieved from the GitHub API is specified.
Audit Metadata