ci-cd-pipeline-builder

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a developer productivity tool that performs local static analysis of project manifests and lockfiles to suggest CI/CD configurations. It does not attempt to exfiltrate data, perform unauthorized network requests, or establish persistence.
  • [DATA_EXPOSURE]: The pipeline_linter.py script contains diagnostic patterns to detect hardcoded secrets, API tokens (e.g., GitHub PATs, AWS keys), and private keys in YAML files. This is a security feature intended to prevent users from accidentally committing credentials to version control.
  • [COMMAND_EXECUTION]: The skill provides Python scripts (pipeline_generator.py, cache_optimizer.py, pipeline_linter.py) that are designed to be run as CLI tools for DevOps automation. The shell commands generated within the CI/CD templates (such as pnpm install or pytest) are standard for the intended use cases and follow industry best practices for caching and matrix builds.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests local file data (lockfiles and configs) to determine the project stack. This represents an indirect ingestion surface; however, the detection logic uses regex and existence checks rather than executing the content of these files, making the risk of exploitation minimal.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:07 AM