
git-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill detects and copies .env files from original repositories to new worktrees. While this is local behavior intended to maintain development configurations, .env files are sensitive and frequently contain credentials, posing an exposure risk if handled incorrectly.
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection and command injection because it uses untrusted repository names and user input for branch names and feature descriptions in shell command templates.
      ◦ Ingestion points: Repository discovery via the find command and user-supplied strings in SKILL.md.
      ◦ Boundary markers: Absent; no delimiters or instructions to ignore embedded content are used in command construction.
      ◦ Capability inventory: Execution of powerful system tools including git, pip, npm, cargo, and go throughout SKILL.md.
      ◦ Sanitization: Absent; the skill does not specify validation or escaping of paths or user input before execution.
  • [COMMAND_EXECUTION]: The skill makes extensive use of system utilities such as git, find, sed, cp, and rm to manage the filesystem and repository state.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the installation of project dependencies using standard package managers including npm, pip, cargo, and go. These operations target well-known package registries and are consistent with the skill's primary development purpose.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 10:10 AM