using-git-worktrees
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations using git commands for worktree management and invokes various language-specific package managers (npm, cargo, pip, poetry, go) to install dependencies and run tests within the new workspace.
- [EXTERNAL_DOWNLOADS]: Installation steps for Node.js, Rust, Python, and Go projects trigger downloads from their respective official package registries (npmjs.org, crates.io, pypi.org, and proxy.golang.org) to fetch project dependencies.
- [PROMPT_INJECTION]: The skill processes untrusted data from local repository files to determine its operational logic, which constitutes an indirect prompt injection risk.
- Ingestion points: The skill reads configuration preferences from `CLAUDE.md` and project metadata from `package.json`, `Cargo.toml`, `requirements.txt`, `pyproject.toml`, and `go.mod` in the current directory.
- Boundary markers: No specific delimiters or safety instructions are used to separate ingested data from the agent's internal command logic.
- Capability inventory: The skill can execute arbitrary shell commands via package managers, modify the `.gitignore` file, commit changes to the repository, and perform network requests through build tools.
- Sanitization: There is no evidence of sanitization or path validation for inputs derived from `CLAUDE.md` or project configuration files before they are used in path construction and command execution.
Audit Metadata