skills/obra/clank/Using Git Worktrees/Gen Agent Trust Hub

Using Git Worktrees

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands to create git worktrees and initialize project environments using common tools like npm, cargo, pip, and go.
  • [EXTERNAL_DOWNLOADS]: Dependency installation steps involve downloading packages from official registries (e.g., NPM, PyPI, Crates.io). These are well-known services and the behavior is expected for the skill's purpose.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing repository-controlled files to determine which setup and test commands to run.
    • Ingestion points: Project configuration files such as package.json, Cargo.toml, and requirements.txt (SKILL.md).
    • Boundary markers: Not specified.
    • Capability inventory: Shell execution of install and test commands via npm, cargo, pip, poetry, and go (SKILL.md).
    • Sanitization: Not specified.
Audit Metadata
Risk Level: SAFE
Analyzed: May 30, 2026, 03:29 PM