The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess to execute local development tools, including streamlit for running apps and python scripts for project audits.
[EXTERNAL_DOWNLOADS]: Fetches documentation from the official Streamlit documentation site (docs.streamlit.io) and package metadata from PyPI. These are well-known services and the downloads are used for documentation and version checking.
[REMOTE_CODE_EXECUTION]: Utilizes npx to execute the @playwright/mcp package for browser-based end-to-end testing. This is a standard automation pattern for development environments and is documented with associated security considerations.
[PROMPT_INJECTION]: The skill audits local Python project code to identify security risks. While this involves reading untrusted data that could contain indirect prompt injections, the analysis is performed using static parsing (ast.parse) which mitigates direct execution risks.
Ingestion points: scripts/audit_streamlit_project.py (reads .py files during scanning).
Boundary markers: None specified for the audit output, though the analysis is static.
Capability inventory: Subprocess execution for testing, documentation syncing via HTTP, and file system write operations for documentation storage.
Sanitization: Uses ast.parse for code analysis to avoid executing the ingested content.
[CREDENTIALS_UNSAFE]: References security best practices for handling secrets via Streamlit's native secrets management (.streamlit/secrets.toml) and environment variables, ensuring no sensitive data is hardcoded in templates.

streamlit-master-architect