using-git-worktrees

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill appears functionally aligned with its stated purpose (creating isolated git worktrees and verifying a clean baseline). There is no evidence of obfuscated or intentionally malicious code or exfiltration. However, the documentation instructs automatic modification/commit of .gitignore and automatic execution of dependency installs and tests, which can be surprising and expand the attack surface (install-time scripts, accidental commits). These behaviors are legitimate for convenience but should require explicit user confirmation, proper sanitization of branch names/paths, and guidance to use lockfiles or integrity checks. Overall the artifact is not malicious but has moderate operational/security risk if implemented as fully automatic without safeguards or user consent.

LLM verification: This skill's stated purpose aligns with most of its capabilities, and the instructions are coherent. However, it performs high-impact actions: automatically modifying and committing .gitignore and automatically running dependency installation and test commands that fetch and execute remote code. Those actions are proportionally powerful and introduce supply-chain and repository integrity risks if performed without explicit, visible user consent. I assess this as SUSPICIOUS rather than benign: us
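The audit faults the skill for running installs and tests without consent and for not sanitizing branch names or paths. The following POSIX shell helper is an added example of how the same worktree setup can be done with those safeguards; it is not the audited skill's code and not Socket's, and the function names, the CONFIRM=yes opt-in, and the default worktree directory ../worktrees are assumptions made here. It rejects branch names that git would refuse or that could be read as options or path traversal, passes `--` to git so the path is never parsed as an option, installs only from a lockfile with lifecycle scripts disabled, and only after explicit opt-in.

```shell
#!/bin/sh
# Added example (not the audited skill's code). Assumptions: the function
# names, the CONFIRM=yes opt-in and the ../worktrees default are ours.

# Reject branch names git would refuse, or that could be parsed as an option
# ("-rf") or as path traversal ("../etc"). Pure-shell rules first, so the
# check works without git, then git's own validator when it is available.
validate_branch_name() {
  vb_name=$1
  [ -n "$vb_name" ] || return 1
  case "$vb_name" in
    -*)                 return 1 ;;  # would be read as an option by git/npm
    /*|*/|*.|@)         return 1 ;;  # leading/trailing slash, trailing dot, bare @
    .*|*/.*)            return 1 ;;  # component starting with '.'
    *.lock|*.lock/*)    return 1 ;;
    *..*|*//*|*'@{'*|*\\*) return 1 ;;  # '..' also blocks traversal
    *' '*|*'~'*|*'^'*|*':'*|*'?'*|*'*'*|*'['*) return 1 ;;
    *[[:cntrl:]]*)      return 1 ;;
  esac
  if command -v git >/dev/null 2>&1; then
    git check-ref-format --branch "$vb_name" >/dev/null 2>&1 || return 1
  fi
  return 0
}

# Map a (validated) branch name to a directory directly under BASE.
# Slashes become dashes, so the result cannot escape BASE.
worktree_path_for() {
  printf '%s/%s\n' "$1" "$(printf '%s' "$2" | tr '/' '-')"
}

# Report whether the worktree at $1 has no uncommitted or untracked changes.
verify_clean_baseline() {
  vcb_out=$(cd "$1" && git status --porcelain) || return 1
  [ -z "$vcb_out" ]
}

# Create an isolated worktree for BRANCH under BASE_DIR, branched off BASE_REF.
# Dependency installation runs only when the caller sets CONFIRM=yes, only
# from a lockfile, and with install-time scripts disabled. Nothing is committed.
create_isolated_worktree() {
  ciw_branch=$1
  ciw_base_dir=${2:-../worktrees}
  ciw_base_ref=${3:-HEAD}
  if ! validate_branch_name "$ciw_branch"; then
    echo "refusing invalid branch name: $ciw_branch" >&2
    return 1
  fi
  ciw_path=$(worktree_path_for "$ciw_base_dir" "$ciw_branch")
  mkdir -p -- "$ciw_base_dir" || return 1
  # '--' ends option parsing so the path and ref are never read as flags.
  git worktree add -b "$ciw_branch" -- "$ciw_path" "$ciw_base_ref" || return 1
  if ! verify_clean_baseline "$ciw_path"; then
    echo "warning: new worktree at $ciw_path is not clean" >&2
  fi
  if [ "${CONFIRM:-}" != "yes" ]; then
    echo "worktree ready at $ciw_path; skipping install (set CONFIRM=yes to opt in)"
    return 0
  fi
  if [ -f "$ciw_path/package-lock.json" ]; then
    # npm ci installs exactly the locked versions; --ignore-scripts blocks
    # preinstall/postinstall hooks from running code at install time.
    (cd "$ciw_path" && npm ci --ignore-scripts) || return 1
  else
    echo "no package-lock.json in $ciw_path; not installing" >&2
  fi
  return 0
}

# Run as a script: create_isolated_worktree BRANCH [BASE_DIR] [BASE_REF]
[ "$#" -eq 0 ] || create_isolated_worktree "$@"
```

Running the test suite is deliberately left to the user after inspection; an agent that wants it automated should ask for the same explicit opt-in rather than chaining it onto the install.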

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 16, 2026, 11:08 PM
Package URL
pkg:socket/skills-sh/ntaksh42%2Fagents%2Fusing-git-worktrees%2F@d3c6b417969a5626cc7afa05b009f5d260c08c08