Hey, thanks for the report. This is basically a feature request, not a bug. The current behavior is intended, but I agree the UX could be better.
Worktree slash commands currently run via the agent’s shell tool and generate dynamic bash scripts with unique IDs, so they can’t be added to the allowlist in a generic way. The team is aware of this limitation, and we’re planning to move the worktree lifecycle to the app side, like the old UI used to work. That should remove the permission prompts.
There’s already a similar request: /worktree and /apply-worktree should not require sandbox permission approvals /worktree and /apply-worktree should not require sandbox permission approvals. Could you upvote it for visibility?
I can’t share a timeline yet, but we’re tracking it.