using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage Git worktrees (git worktree add), verify environment state (git check-ignore, git rev-parse), and run standard development tools. These operations are restricted to the local filesystem and repository context.
  • [EXTERNAL_DOWNLOADS]: The skill triggers dependency installations via standard package managers (npm install, pip install, poetry install, go mod download, cargo build). These downloads target well-known official registries such as npmjs.com, pypi.org, and crates.io.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes project configuration files to determine the environment type and execution path.
  • Ingestion points: Reads package.json, Cargo.toml, requirements.txt, pyproject.toml, go.mod, and CLAUDE.md.
  • Boundary markers: None (standard for development-focused skills).
  • Capability inventory: Executes installation and test suites via npm, cargo, pip, poetry, go, and pytest.
  • Sanitization: None; the skill assumes the integrity of the repository files it operates upon.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:39 PM
Security Audit — agent-trust-hub — using-git-worktrees