git-worktree
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill automatically duplicates sensitive environment files (e.g., .env, .env.local) from the main repository into multiple subdirectories within the project.
  - Evidence: The copy_env_files function in scripts/worktree-manager.sh iterates through all files matching .env* in the project root and copies them to the worktree path.
  - Risk: Duplicating secrets across multiple locations increases the attack surface for local data exposure and accidental credential leakage if the .gitignore modification fails or is bypassed.
- [COMMAND_EXECUTION]: The script constructs filesystem paths and executes Git commands using unvalidated user input, making it vulnerable to path traversal.
  - Evidence: In scripts/worktree-manager.sh, the branch_name variable is used directly to construct the worktree_path ("$WORKTREE_DIR/$branch_name") without any sanitization or validation.
  - Risk: A malicious branch name containing directory traversal characters could allow the script to write or read files outside the intended .worktrees directory.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through its processing of untrusted branch names.
  - Ingestion points: The branch_name parameter in the create_worktree function.
  - Boundary markers: None present.
  - Capability inventory: Subprocess calls via git commands, file writing via cp, and directory creation via mkdir.
  - Sanitization: None present; the input is interpolated directly into path strings and command arguments.
Audit Metadata