safehouse-worktrees
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands to manage Git worktrees (`git worktree add`), modify local files (`.gitignore`), and perform repository commits.
- [EXTERNAL_DOWNLOADS]: Automatically triggers package managers (`npm`, `pip`, `poetry`, `cargo`, `go`) to install dependencies from public registries based on project configuration files. These are well-known, trusted services.
- [PROMPT_INJECTION]: Detects an indirect prompt injection surface (Category 8) where preferences are read from `AGENTS.md` using `grep`.
- Ingestion points: `AGENTS.md` (read via shell command).
- Boundary markers: No markers or 'ignore' instructions are present for the processed data.
- Capability inventory: Includes file system modification, Git operations, and execution of arbitrary build/test tools found in the project.
- Sanitization: No validation is performed on the directory path extracted from the configuration file.
Audit Metadata