superpowers-using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage Git worktrees and initialize project environments.
      • Uses git worktree, git rev-parse, and git check-ignore to manage repository state.
      • Automatically invokes build and test tools including npm, cargo, pip, poetry, and go based on the presence of configuration files like package.json or Cargo.toml.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of external dependencies through standard package managers.
      • Commands such as npm install, pip install, and go mod download connect to well-known official registries to fetch project requirements.
  • [PROMPT_INJECTION]: The skill ingests data from local configuration files which could potentially contain malicious content.
      • It searches CLAUDE.md for worktree directory preferences. While this is a data ingestion point, the skill uses the extracted data only for directory path selection, and the logic includes manual confirmation if no preference is found.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 08:18 AM
Security Audit — agent-trust-hub — superpowers-using-git-worktrees