worktree-dispatch

Fail

Audited by Socket on Feb 20, 2026

1 alert found:

Malware (severity: HIGH) in SKILL.md

[Skill Scanner] Instruction directing agent to run/execute external content

All findings:
- [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The dispatcher skill implements a convenient orchestration workflow to spawn parallel agents in git worktrees, but it introduces moderate to significant supply-chain and data-exfiltration risks. The primary issues are unmediated transmission of prompt and repo context to external agent backends, powerful local git/process privileges for spawned agents, and lack of sanitization or merge-review controls. For safe use, require trusted/self-hosted agent endpoints, add automated prompt redaction, restrict or sandbox agent filesystem access, and mandate human review before merges.

LLM verification: The skill's stated purpose (dispatch tasks into parallel worktrees and launch agents) matches its capabilities, but the mechanism (writing temp files and embedding their contents into wt switch invocations) creates a straightforward data-exfiltration path to remote AI endpoints. The ability to instruct spawned agents to read repository files and to run wt merge increases privilege and risk. There is no evidence of direct malware in the skill, but because it can forward repository contents and pr

Confidence: 98%
Severity: 90%
Audit Metadata
Analyzed At
Feb 20, 2026, 06:05 AM
Package URL
pkg:socket/skills-sh/edmundmiller%2Fdotfiles%2Fworktree-dispatch%2F@e490cfd1cf99bb77aef21d35087a305a36cfafa3