worktree-manager
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The `launch-agent.sh` script generates temporary shell scripts using `mktemp` and executes them to initialize terminal environments.
- [COMMAND_EXECUTION]: The skill configures and encourages the use of the `--dangerously-skip-permissions` flag when launching Claude agents, which allows for autonomous file system and command operations without user intervention.
- [COMMAND_EXECUTION]: Cleanup operations involve the use of `lsof` and `kill -9` to programmatically terminate processes running on allocated network ports.
- [COMMAND_EXECUTION]: The skill uses `osascript` on macOS to automate terminal applications like iTerm2 and Terminal.app.
- [EXTERNAL_DOWNLOADS]: The documentation provides commands to download shell integration scripts from `iterm2.com`, which is a well-known and trusted service for macOS terminal users.
- [DATA_EXFILTRATION]: The workflow involves copying sensitive environment files (e.g., `.env`, `.env.local`) from the main repository to various temporary worktree directories in `~/tmp/worktrees/`.
Audit Metadata