The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were detected. The skill demonstrates a high security posture through explicit rules for handling secrets and credentials, specifically prohibiting the reading of sensitive system files and hardcoded secrets.
[COMMAND_EXECUTION]: The skill makes extensive use of standard developer command-line interfaces, including gcloud, supabase, gh, and bun, to perform engineering and platform operations. These commands are used for legitimate purposes such as managing infrastructure, databases, and code execution.
[EXTERNAL_DOWNLOADS]: References official installation and configuration scripts from well-known technology services. For example, it includes the official installation command for the Bun runtime from bun.sh.
[PROMPT_INJECTION]: The skill is designed to process external inputs such as pull request comments and CI/CD logs. This creates a potential surface for indirect prompt injection; however, the skill includes several mitigations: it uses operation contracts to enforce specific task flows, requires manual triage and classification of feedback before execution, and is governed by strict guardrails that prevent the extraction of sensitive information even if requested by an external source.

coding