worktree-manager
Fail
Audited by Socket on Feb 28, 2026
1 alert found:
Malware (HIGH): SKILL.md
The skill fragment is largely benign and coherent with its stated purpose of managing Alpha-Forge git worktrees, including slug generation and multi-mode workflows. The primary concern is credential handling: per-worktree .envrc generation that loads centralized secrets via direnv/dotenv may lead to accidental exposure if worktrees are shared, logged, or otherwise not properly isolated. No direct credential exfiltration or remote execution patterns are evident. Recommendations: add explicit isolation/scoping guidance for secret handling, ensure per-worktree secrets are not logged, and consider integrating scoped permissions or auditing around direnv/dotenv usage to mitigate leakage risk.
Confidence: 95%
Severity: 90%
Audit Metadata