The Agent Skills Directory

[DYNAMIC_EXECUTION]: The shell function in references/wt.bash uses source "$main/.wtsetup" to load configuration. Since .wtsetup is a shell script generated from project-level analysis, this executes its contents in the user's shell environment.
[COMMAND_EXECUTION]: Both references/wt.bash and references/wt.fish use eval to execute commands stored in the install and post_setup variables within the .wtsetup file. These commands are automatically derived from the project's lockfiles and directory structure.
[PERSISTENCE_MECHANISMS]: The skill guides the user to modify shell startup files (e.g., ~/.bashrc, ~/.zshrc) or the fish functions directory to install the wt command. This is the primary delivery mechanism for the utility.
[DATA_EXPOSURE]: The scripts/analyze-project.sh script is specifically designed to locate sensitive files like .env*, master.key, and .secret* to ensure they are replicated in new worktrees. While the data is handled locally, the skill proactively identifies and manages sensitive file paths.
[INDIRECT_PROMPT_INJECTION]: The skill generates instructions for the wt command by scanning repository contents (lockfiles, compose files). A malicious repository could theoretically influence the generated install or post_setup commands, though the skill mitigates this by instructing the user to review the configuration before use.
Ingestion points: scripts/analyze-project.sh reads docker-compose.yml, various lockfiles, and file listings from the project root.
Boundary markers: None used in the generated .wtsetup file or during the eval execution.
Capability inventory: Uses git worktree, mkdir, cp, ln, sed, and arbitrary command execution via eval.
Sanitization: The branch name is slugified, but the commands extracted from lockfiles are not sanitized before being placed in eval strings.

wt