control-tower
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were found in the skill body or the associated rule files.
- [COMMAND_EXECUTION]: The skill uses shell commands specifically for git worktree management (
git worktree list,git worktree remove) and branch cleanup. These operations are restricted to the.claude/worktrees/directory and are aligned with the skill's stated purpose of project maintenance. - [DATA_EXPOSURE_AND_EXFILTRATION]: Analysis confirmed that the skill does not access sensitive system paths (e.g., SSH keys, cloud credentials) or perform network requests to untrusted external domains.
- [INDIRECT_PROMPT_INJECTION]: The skill uses local project files within the
spec/directory to track workflow progress. While this involves reading untrusted data, the operation is limited to state detection and does not expose high-privilege capabilities to the ingested content. - Ingestion points: Files in the
spec/directory and itshistory/subdirectory. - Boundary markers: Not explicitly defined in the state-detection logic.
- Capability inventory: File reading, git operations, and orchestration of other internal skills.
- Sanitization: Standard path traversal protections are assumed to be handled by the agent platform's tool constraints.
Audit Metadata