using-git-worktrees
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The recipe is functionally correct and useful for provisioning isolated worktrees, but it contains operational behaviors that materially increase supply-chain risk: auto-committing .gitignore entries and automatically running dependency installs and tests (which execute arbitrary scripts) without mandatory confirmations or sandboxing. With the current design, this is not actively malicious but is risky and could be abused by an adversary or cause unintended repository changes. Treat it as a high-risk automation primitive that requires strong safeguards (explicit consent, sandboxing, checksum/lockfile verification, and audit logging) before use in untrusted environments.

LLM verification: This skill's purpose (creating isolated git worktrees and bootstrapping a project) aligns with most of its capabilities, but it includes high-impact operations that are disproportionate without explicit user consent: automatically adding/committing .gitignore entries and automatically running package installs/tests in the new worktree. Those actions can execute arbitrary third-party code and modify repository history. I assess low probability of deliberate malware in the document itself, but mod