parallel-worktrees

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions utilize shell commands to manage git worktrees and GitHub pull requests (e.g., git worktree add, git push, gh pr create). These are standard operations for the described functionality and require shell access.
  • [EXTERNAL_DOWNLOADS]: The setup section includes npx skills add codervisor/forge@parallel-worktrees, which downloads and executes content from an external registry. This resource follows the vendor resource pattern for the author 'codervisor'.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by defining a workflow where a primary agent briefs secondary agent sessions.
    • Ingestion points: User-defined feature requests and task descriptions are interpolated directly into the briefs for secondary agents.
    • Boundary markers: The provided briefing template lacks explicit delimiters or instructions to ignore embedded commands within the user-provided scope.
    • Capability inventory: Secondary agents are granted broad access to the file system through git and the ability to perform network operations using the GitHub CLI.
    • Sanitization: No mechanism is described for sanitizing or validating the content of the task briefs before they are processed by the secondary agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 11:04 PM
Security Audit — agent-trust-hub — parallel-worktrees