Security Audit
using-git-worktrees
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
using-git-worktrees received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include: Unsanitized input in `git worktree add` command, and Execution of potentially malicious build/test scripts in new worktree.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unsanitized input in `git worktree add` command.** The skill constructs a `git worktree add` command using variables `$path` and `$BRANCH_NAME`. If `$BRANCH_NAME` (or `$LOCATION`, which influences `$path`) is derived from untrusted user input without proper sanitization, an attacker could inject arbitrary shell commands. For example, a branch name like `"; rm -rf /; #` could lead to critical system compromise by executing arbitrary code on the host system. Implement robust input sanitization for `$BRANCH_NAME` and `$LOCATION` before using them in shell commands. Ensure that these variables only contain valid branch/path characters and do not allow for command delimiters or special characters. Consider using a dedicated git library function for worktree creation if available, or explicitly escaping user-provided input. | LLM | SKILL.md:92 |
| HIGH | **Execution of potentially malicious build/test scripts in new worktree.** The skill instructs the agent to execute various build and test commands (`npm install`, `cargo build`, `pip install`, `poetry install`, `go mod download`, `npm test`, `cargo test`, `pytest`, `go test`) within a newly created git worktree. If the worktree is created from a branch or repository containing malicious project configuration files (e.g., `package.json` with malicious `postinstall` scripts, `Cargo.toml` with malicious build scripts), these commands will execute arbitrary code, leading to command injection. This risk is heightened if the branch name is user-controlled, allowing an attacker to introduce malicious code into the worktree. Before executing build or test commands in a new worktree, verify the integrity and trustworthiness of the source branch/repository. If the source is untrusted or potentially compromised, prompt the user for explicit confirmation before executing any scripts. Consider sandboxing the execution environment for these commands to limit potential damage. | LLM | SKILL.md:99 |
Powered by SkillShield