Skills
skills/phoenixtw/skills/create-worktree/Gen Agent Trust Hub

create-worktree

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Git commands (git rev-parse, git worktree, git show-ref) and shell utilities (grep, echo) to automate the setup of development environments and the modification of project configuration files like .gitignore.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the user to dynamically generate shell command arguments, creating an indirect prompt injection surface.
  • Ingestion points: User-supplied commit type, ticket ID, and title are used to construct variables (SKILL.md).
  • Boundary markers: No explicit delimiters or boundary instructions are provided to the agent to isolate user-supplied strings within the shell commands.
  • Capability inventory: The skill utilizes shell command execution and local file system write access (SKILL.md).
  • Sanitization: The instructions explicitly require the agent to slugify the title by converting it to lowercase, replacing spaces/underscores with hyphens, and stripping special characters.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 10:55 AM
Security Audit — agent-trust-hub — create-worktree