git-worktree

Fail

Audited by Socket on Mar 2, 2026

1 alert found:

Malware (HIGH)
SKILL.md

This skill is consistent with its stated purpose of managing git worktrees and performing supportive tasks (creating branches, adding worktrees, updating .gitignore, copying .env files). There are no indicators of remote code download, network exfiltration, or obfuscated/malicious payloads in the provided documentation. The primary security concern is the automatic copying of .env (and related) files into worktrees: duplicating secrets increases exposure and the risk of accidental disclosure or commits. The script's centralization (requiring it for all worktree operations) concentrates side effects in one place — convenient but worth auditing. Recommended mitigations: make copying of environment files opt-in (or mask/filter secrets), document and provide a dry-run mode, ensure copied .env files are git-ignored and not accidentally committed, and make the script's behavior auditable before running it under automation or an agent.

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Mar 2, 2026, 09:15 AM
Package URL: pkg:socket/skills-sh/everyinc%2Fcompound-engineering-plugin%2Fgit-worktree%2F@d0e94dde9b0237d6e4d5b642a92ea04e2103baed