git-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The worktree-manager.sh script is designed to copy environment configuration files (e.g., .env, .env.local) from the main repository to new worktree directories. These files frequently contain sensitive information such as API keys and credentials.
  • [EXTERNAL_DOWNLOADS]: The skill's primary instructions in SKILL.md direct the agent to run package managers like npm, pip, composer, and go to install dependencies after worktree creation. This results in downloading and executing third-party code from public registries based on repository contents.
  • [COMMAND_EXECUTION]: The skill uses a custom shell script to perform various system-level operations, including directory management with mkdir, file duplication with cp, and Git lifecycle commands such as git worktree and git checkout.
  • [EXTERNAL_DOWNLOADS]: The manager script performs a git pull operation, which retrieves and updates repository content from a remote origin, creating a pathway for external code to enter the local environment.
  • [COMMAND_EXECUTION]: The SKILL.md documentation claims the manager script automatically handles dependency installation, but the provided script lacks this code, which results in the agent performing these installations manually in the terminal.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 05:36 PM