using-git-worktrees

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automatically detects project types and executes package manager commands such as npm install, pip install -r requirements.txt, poetry install, cargo build, and go mod download upon worktree creation.
  • [COMMAND_EXECUTION]: The skill executes testing suites (e.g., npm test, pytest, cargo test) to verify the baseline state of the new worktree.
  • [COMMAND_EXECUTION]: The skill performs file system modifications by appending entries to .gitignore and executing git commit automatically if the worktree directory is not already ignored.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads configuration preferences from the CLAUDE.md file using grep. Malicious content within that file designed to match the search pattern worktree.*director could potentially influence the directory selection or subsequent agent actions.
      • Ingestion points: Reads content from CLAUDE.md via grep in the Directory Selection Process section.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the external file.
      • Capability inventory: The agent has capabilities to execute shell commands (git, npm, pip, etc.) and write to the filesystem.
      • Sanitization: There is no evidence of sanitization or validation of the input retrieved from CLAUDE.md before it is used to determine the path variable for command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 07:06 PM