peach-worktree

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates git and gh CLI operations. Destructive commands, such as directory removal using rm -rf, are strictly protected by multiple guards: the worktree must be confirmed as detached from Git first, the path must exactly match the approved worktree, and the user must manually confirm the exact command at a checkpoint.
  • [PROMPT_INJECTION]: No direct prompt injection patterns were detected. The skill uses a mode-based execution logic determined by repository status rather than user-supplied free text. Potential indirect injection from git logs or PR metadata is mitigated by the requirement for human verification before any state-changing operations.
  • [DATA_EXFILTRATION]: Network activity is confined to the user's configured remote repository and the official GitHub API. No unauthorized network operations, hardcoded credentials, or attempts to access sensitive local files (such as SSH keys or environment secrets) were identified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 10:15 AM