worktree
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute `workmux` commands and standard shell utilities like `mktemp` and `cat`. This behavior is consistent with its stated purpose of managing Git worktrees.
- [DATA_EXFILTRATION]: The skill explicitly instructs the agent to avoid reading, searching, or exploring the codebase ('HARD RULE — NO EXCEPTIONS: Do NOT explore, read, grep, glob, or search'). This significantly reduces the risk of accidental or malicious data exposure.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied task descriptions to generate prompts for other agents, it uses a secure shell pattern (`cat > "$tmpfile" << 'EOF'`) in its implementation logic. Quoting the heredoc delimiter ('EOF') ensures that user content is treated as a literal string and prevents shell expansion or command injection during the file-writing process.
- [REMOTE_CODE_EXECUTION]: No evidence of external downloads, unverified package installations, or remote script execution was found. All operations are performed locally using the provided `workmux` tool.
Audit Metadata