using-git-worktrees
Audited by Socket on Feb 22, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

No indicators of deliberate malware in this artifact. The procedure is useful but contains two notable risky behaviors: automatically executing dependency install/build/test commands (network fetch + execution of third-party code) and automatically modifying and committing .gitignore. Both are legitimate in interactive developer workflows but are sensitive if performed autonomously by an agent.

Mitigations: require explicit user consent before commits and before running install/build/test steps; offer dry-run, output inspection, or sandboxed/container execution to reduce supply-chain and execution risks.

LLM verification: This skill is functionally legitimate for creating isolated git worktrees and performing project setup and baseline tests. It does not contain explicit backdoors, obfuscated code, or known malicious network endpoints. However, it performs high-impact side effects (automatic .gitignore commits, running package managers and tests) that increase supply-chain and repository-integrity risk if executed without explicit user approval. Recommended mitigations: require explicit user consent before commit