using-git-worktrees
Audited by Socket on Feb 25, 2026
1 alert found:
Security: This skill's stated purpose — creating isolated git worktrees with safety checks and performing project setup and baseline tests — aligns with the documented capabilities. The main security risk stems from running package manager install/build commands and executing project test suites in a newly created worktree: these operations download and run third-party code (supply-chain risk) and can execute arbitrary scripts. Additionally, the skill's behavior of automatically updating .gitignore and committing that change is a privileged repository modification that should require clear, explicit user consent. Overall the skill is coherent with its purpose but carries moderate supply-chain and autonomy risks; it is acceptable for interactive use with explicit user approvals, but it should not be run autonomously without safeguards (confirmation before commits/installs, optional dry-run, enforcement of lockfile integrity).