The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating user-provided arguments (branch-name, base-branch) into strings like git worktree add ../{branch-name} and mkdir -p "../{branch-name}/$env_file". If a user provides input containing shell metacharacters (e.g., ;, &, |), it could lead to arbitrary command execution on the host system.
[CREDENTIALS_UNSAFE]: The instructions explicitly search for and copy .env and .env.local files from the current directory to the new worktree. These files frequently contain sensitive secrets such as API keys, database credentials, and environment-specific configuration, and their automated handling by an AI agent increases the risk of credential exposure.
[EXTERNAL_DOWNLOADS]: The skill executes package manager commands including npm install, uv sync, and pip install within the generated worktree. These commands download and install external code from public registries (NPM, PyPI) and can trigger arbitrary code execution through repository-defined lifecycle hooks or scripts.

create-worktree