worktree-manager

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs agents to bypass permission checks (using --dangerously-skip-permissions) and performs global filesystem and registry modifications (creating/removing worktrees, copying ~/.claude, updating ~/.claude/worktree-registry.json, running hooks that can rm -rf paths and install dependencies), enabling autonomous, potentially destructive changes to the host.