
git-worktree

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): The copy_env_files function in scripts/worktree-manager.sh automatically scans for and copies all files matching the .env* pattern from the repository root into new worktree directories.
  • Evidence: The script iterates through "$GIT_ROOT"/.env* and uses cp to duplicate these files.
  • Risk: This practice spreads sensitive credentials (API keys, database passwords, etc.) across multiple locations on the disk. While the script attempts to mitigate exposure by adding .worktrees to .gitignore, the automated duplication of secrets increases the risk of accidental data leakage or discovery by other local processes.
  • [COMMAND_EXECUTION] (LOW): The skill relies heavily on shell script execution to perform Git operations and filesystem modifications.
  • Evidence: SKILL.md instructs the agent to execute bash ${CLAUDE_PLUGIN_ROOT}/.../worktree-manager.sh with several subcommands.
  • Risk: While the script uses double-quoting for variables like "$branch_name" and "$worktree_path", it remains a potential surface for path manipulation or shell-related attacks if the input (such as a branch name) is sourced from an untrusted or maliciously crafted context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:45 PM