use-git-worktree

This skill is a well-scoped workflow for creating and managing git worktrees. It does not contain obvious backdoors, remote endpoints, obfuscated payloads, or direct credential harvesting. The primary security concerns are operational: running package manager installs and test suites executes repository and third-party code (an expected but powerful capability), and the auto-merge path can alter the main branch and delete branches/worktrees if used without appropriate human review. Recommend requiring explicit user confirmation for .gitignore changes, package install/build/test execution, and any auto-merge operation. Treat package installs and test runs in untrusted repositories as potentially dangerous; run them in isolated environments or with least privilege.