Using Git Worktrees

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious due to its broad permissions and automatic execution of high-impact actions. Specifically, the agent is instructed to automatically modify the project's `.gitignore` file and commit the changes if a worktree directory is not ignored, which is a significant modification to the version control system. Additionally, the skill automatically executes dependency installation, build, and test commands (e.g., `npm install`, `pip install -r requirements.txt`, `cargo build`, `npm test`) based on detected project files. While these actions are plausibly needed for setting up a development environment, they involve executing arbitrary code from potentially untrusted project dependencies without explicit user confirmation for each step, posing a supply chain risk. These instructions are found in `SKILL.md`.