git-worktree

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts that perform destructive file system operations. Two of them, scripts/cleanup-worktree.sh and scripts/convert-to-bare.sh, use rm -rf to delete directories during repository cleanup and structure conversion. Additionally, scripts/open-in-tmux.sh uses a shell heredoc (<<EOF) that allows shell variable expansion and command substitution within the user-provided context.
  • [EXTERNAL_DOWNLOADS]: The skill automates interaction with remote repositories. It uses git clone in scripts/bare-clone.sh and GitHub CLI commands such as gh pr view and gh pr checkout in scripts/create-worktree.sh to fetch external content.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface and a potential command injection risk. Ingestion points: user input for feature names, descriptions, and task notes is collected via the agent. Boundary markers: the skill writes this untrusted data to CLAUDE.local.md without delimiters or instructions to ignore embedded commands. Capability inventory: the skill has permissions to write files, execute scripts, and run git/tmux commands. Sanitization: the bash snippets in SKILL.md interpolate user-provided strings (such as {description}) directly into double-quoted shell command arguments without escaping metacharacters such as backticks or dollar signs, which could lead to command execution during the agent's workflow.
Audit Metadata

Risk Level: SAFE

Analyzed: Mar 10, 2026, 02:23 AM