git-worktrees

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval "$TEST_CMD" in SKILL.md to execute a command dynamically generated by the detect-test-command.sh script. This results in the execution of commands that are likely derived from project configuration files (e.g., test scripts in package.json), which could be controlled by an attacker in a shared repository environment.
  • [REMOTE_CODE_EXECUTION]: The skill automatically executes package manager commands such as npm install, cargo fetch, pip install -e ., and go mod download based on detected manifest files. These operations fetch and potentially execute code from remote public registries.
  • [DATA_EXFILTRATION]: The skill presents an indirect prompt injection surface by reading configuration data from untrusted files like CLAUDE.md and project manifests to determine directory paths and execution commands.
  • Ingestion points: CLAUDE.md, package.json, Cargo.toml, pyproject.toml, go.mod, and other project manifest files.
  • Boundary markers: None present; the skill treats content from these files as trusted configuration.
  • Capability inventory: eval command execution, package installation (npm, pip, cargo, go), and file system operations via git worktree and mkdir (implied).
  • Sanitization: No explicit sanitization or validation of the commands detected by the helper script before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — git-worktrees