parallel-worktrees

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
PROMPT_INJECTION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform repository management and parallel workflow coordination using standard git and gh (GitHub CLI) commands. These operations, such as creating worktrees, rebasing branches, and merging pull requests, are central to the skill's legitimate functionality.
  • [EXTERNAL_DOWNLOADS]: The documentation includes an installation command using npx to fetch the skill package from the onsager-ai/dev-skills repository on the npm registry. This is a standard setup procedure for tools from the author's verified namespace.
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection because it encourages the agent to read and coordinate based on external data from GitHub pull requests, such as titles, bodies, and comments. This could allow an attacker with PR access to influence the agent's behavior.
      • Ingestion points: Reading pull request metadata and discussion threads via gh pr view and gh pr status as part of the coordination workflow described in references/agent-coordination.md.
      • Boundary markers: The instructions do not define specific delimiters or security guardrails for processing untrusted content retrieved from GitHub.
      • Capability inventory: The agent has capabilities to execute shell commands (git, gh) and perform file system writes within the designated worktree environment.
      • Sanitization: There is no mention of filtering or sanitizing external PR content before it is processed by the AI agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 10:41 PM