git-worktrees
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
eval "$TEST_CMD"inSKILL.mdto execute a command dynamically generated by thedetect-test-command.shscript. This results in the execution of commands that are likely derived from project configuration files (e.g., test scripts inpackage.json), which could be controlled by an attacker in a shared repository environment. - [REMOTE_CODE_EXECUTION]: The skill automatically executes package manager commands such as
npm install,cargo fetch,pip install -e ., andgo mod downloadbased on detected manifest files. These operations fetch and potentially execute code from remote public registries. - [DATA_EXFILTRATION]: The skill presents an indirect prompt injection surface by reading configuration data from untrusted files like
CLAUDE.mdand project manifests to determine directory paths and execution commands. - Ingestion points:
CLAUDE.md,package.json,Cargo.toml,pyproject.toml,go.mod, and other project manifest files. - Boundary markers: None present; the skill treats content from these files as trusted configuration.
- Capability inventory:
evalcommand execution, package installation (npm,pip,cargo,go), and file system operations viagit worktreeandmkdir(implied). - Sanitization: No explicit sanitization or validation of the commands detected by the helper script before execution.
Audit Metadata