flow-next-worktree-kit

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script executes standard git and filesystem commands (git worktree, mkdir, cp, git fetch) to automate workspace management. These operations are scoped to the local repository.
  • [EXTERNAL_DOWNLOADS]: The skill performs git fetch origin when creating new worktrees to ensure local branch references are up to date. This is a standard and expected behavior for git-related tools.
  • [SAFE]: The script implements multiple defensive programming patterns: it uses git check-ref-format to validate branch names, explicitly checks every path component for symlinks to prevent hijacking or traversal attacks, and uses the -n (no-overwrite) flag when copying environment files to prevent accidental data loss.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 01:08 AM