git-worktree-setup
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Git and shell commands to automate the lifecycle of Git worktrees. These operations are restricted to the local filesystem and repository context.
- [EXTERNAL_DOWNLOADS]: The skill identifies and invokes Node.js package managers (npm, yarn, pnpm, bun) to install project dependencies when initializing new worktree environments.
- [SAFE]: Safety protocols are deeply integrated into the workflows, including validation of repository status and user prompts before copying environment files or removing directories.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing Git branch names which may be attacker-controlled in malicious repositories.
  - Ingestion points: Branch names are ingested via the `git branch` and `git worktree list` commands in various modes and templates.
  - Boundary markers: Data is typically processed as individual lines and displayed with status indicators, though explicit instructions to ignore embedded commands are not present.
  - Capability inventory: The skill possesses capabilities to execute shell commands, install packages, and remove directories (e.g., in `modes/mode3-cleanup.md`).
  - Sanitization: Shell scripts in the `templates/` directory use standard quoting for variables to mitigate common command injection vectors.
Audit Metadata