using-git-worktrees

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This skill's intent and documented actions are coherent with creating and managing git worktrees, but it contains several risky operational choices: automatically editing and committing .gitignore and automatically running installs/builds/tests immediately in the new worktree. Those behaviors broaden the skill's privileges (repo write + network + code execution) beyond what is strictly necessary to 'create an isolated workspace' and therefore pose a moderate supply-chain risk. There is no evidence of embedded malware or obfuscation in the text, but the documented workflow could enable dependency-based supply-chain attacks or accidental repository commits. Recommendations: require explicit user confirmation before modifying .gitignore or committing; make dependency installs/tests optional or run them in a sandbox/container with network restrictions; verify lockfiles/integrity before installing; and log/display the exact commands that will run so users can review/approve them. LLM verification: This skill's purpose (creating isolated git worktrees and bootstrapping a project) aligns with most of its capabilities, but it includes high-impact operations that are disproportionate without explicit user consent: automatically adding/committing .gitignore entries and automatically running package installs/tests in the new worktree. Those actions can execute arbitrary third-party code and modify repository history. I assess low probability of deliberate malware in the document itself, but mod