The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/cleanup-worktree.sh contains the command eval echo "$WORKTREE_PATH". The use of eval on a variable that can be influenced by user input (via the agent) creates a shell injection vulnerability, allowing for arbitrary command execution if the path contains shell metacharacters.
[CREDENTIALS_UNSAFE]: The skill is designed to manage and load shared secrets from ~/eon/.env.alpha-forge. It automatically creates .envrc files in new worktrees that source this specific file. This pattern centralizes access to sensitive credentials, which could be exposed if a worktree is compromised.
[PROMPT_INJECTION]: The skill processes natural language descriptions to derive slugs for branch names and file paths, presenting an indirect prompt injection surface.
Ingestion points: User-provided descriptions in Step 1 of SKILL.md which are passed to the --slug parameter of the create-worktree.sh script.
Boundary markers: The skill uses markdown tables and headers to separate instructions from data but lacks explicit delimiters or instructions to the model to ignore embedded commands within the descriptions.
Capability inventory: The skill has the ability to write to the filesystem, execute Bash scripts, and perform Git operations (worktree and branch management).
Sanitization: While create-worktree.sh performs basic shell-based sanitization using tr and cut to generate acronyms and slugs, it relies on the model to correctly transform input before it reaches the script.

worktree-manager