using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard development workflows for managing Git worktrees and project initialization.
- [COMMAND_EXECUTION]: Executes Git and shell commands to manage repository state and workspace isolation. These actions are transparent and necessary for the skill's documented purpose.
- [EXTERNAL_DOWNLOADS]: Triggers standard package managers (npm, pip, cargo, poetry, go) to install project dependencies. This is a legitimate development operation performed upon workspace initialization.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by reading configuration preferences from project-controlled files. Ingestion points: CLAUDE.md (Step 2). Boundary markers: None. Capability inventory: git worktree add, npm install, cargo build, pip install, poetry install, go mod download, npm test, cargo test, pytest, go test. Sanitization: None. The current implementation is limited to identifying directory path strings.
Audit Metadata