create-worktree

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes repository-local scripts located in the bin/ directory, such as bin/worktree-add, bin/worktree-up, and bin/worktree-env. This behavior is the primary intended purpose of the tool for supporting repo-aware workflows.
  • [COMMAND_EXECUTION]: User-provided inputs, including branch names and pull request numbers, are interpolated into shell commands for git fetch, git worktree add, and printf.
  • [PROMPT_INJECTION]: The skill processes untrusted input strings (branch names and PR numbers), which represents a potential surface for indirect prompt injection.
  • Ingestion points: User-supplied <branch-name> and pr:<number> inputs processed in SKILL.md.
  • Boundary markers: No explicit delimiters are used for the interpolated variables.
  • Capability inventory: Access to the git CLI and the ability to execute any script within the repository's bin/ directory.
  • Sanitization: The skill performs slugification (removing special characters) when generating directory paths, although raw inputs are passed to git commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 02:06 PM