Skip to content

chore(scripts): Add git worktree management tools #5497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ericapisani wants to merge 1 commit into from

feat(scripts): Add git worktree management tools

daa8631
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Closed

chore(scripts): Add git worktree management tools #5497

feat(scripts): Add git worktree management tools
daa8631
Select commit
Loading
Failed to load commit list.
GitHub Actions / warden completed Feb 20, 2026 in 56s

1 issue

Medium

Path traversal allows worktree creation outside intended directory - `scripts/worktree-create.sh:17`

The Makefile regex validation ^[a-zA-Z0-9_/-]+The Makefile regex validation permits forward slashes in the NAME parameter. This allows path traversal sequences like ../../footo create worktrees outside the intended.worktrees` directory. An attacker with access to the Makefile target could create worktrees in arbitrary locations within the filesystem (relative to repo root), potentially overwriting or polluting other directories.

Also found at:

  • scripts/worktree-delete.sh:13
3 skills analyzed
Skill Findings Duration Cost
code-review 0 14.2s $0.15
find-bugs 1 51.1s $0.25
skill-scanner 0 33.2s $0.25

Duration: 98.5s · Tokens: 353.2k in / 7.1k out · Cost: $0.66 (+merge: $0.00)

View more details on GitHub Actions