using-git-worktrees
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill documentation describes a coherent and legitimate workflow for creating and bootstrapping git worktrees. There is no sign of hidden network exfiltration, hardcoded secrets, obfuscation, or deliberate backdoors. The practical security concerns are operational: automatic .gitignore commits and automatic runs of package management installs and tests can execute arbitrary code from the project or remote registries and modify repository history without an explicit confirmation step. Recommend adding explicit user confirmation before committing changes and before running dependency installs/tests, validating lockfiles, and expanding/normalizing home-directory paths.

Overall classification: BENIGN but with moderate operational risk due to auto-execution of installs and commits.

LLM verification: Functionally, the skill correctly implements a workflow to create and prepare isolated git worktrees and to ensure a tested baseline. There is no direct evidence of obfuscation or deliberate malware (no encoded payloads or network exfiltration targets).
However, there are notable supply-chain and operational risks: automatic execution of dependency installs and tests (which can run arbitrary upstream code) without lockfile/integrity checks or sandboxing, and automatic commits to .gitignore that