using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for Git worktree management, package installation, and test execution. Evidence: git worktree add, npm install, cargo build, and test runners found in references/examples.md.
  • [EXTERNAL_DOWNLOADS]: Dependencies are downloaded from official registries using standard tools (npm, pip, poetry, go) as part of environment setup.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the ingestion of project-specific configuration.
    • Ingestion point: Reads preferences from CLAUDE.md in references/examples.md.
    • Boundary markers: Absent.
    • Capability inventory: Includes file system modification, command execution, and package installation across all scripts (SKILL.md, references/examples.md).
    • Sanitization: Absent; configuration values are used directly in path construction. This is a low-risk configuration pattern common in development environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 08:45 PM
Security Audit — agent-trust-hub — using-git-worktrees