datocms-setup
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill scaffolds several JavaScript helper scripts for project management (e.g., datocms-release.mjs, datocms-reset-sandbox.mjs, datocms-autogenerate-migration.mjs). These scripts use child_process.spawnSync to run the DatoCMS CLI (npx datocms). This is consistent with the skill's stated purpose of project setup and migration orchestration.
- [EXTERNAL_DOWNLOADS]: The recipes instruct the agent to install official DatoCMS and third-party development packages (e.g., @datocms/cma-client, react-datocms, gql.tada) with the project's detected package manager (npm, yarn, pnpm, or bun). These dependencies are standard for the supported frontend frameworks and DatoCMS integrations.
- [DYNAMIC_EXECUTION]: Several generated scripts, such as datocms-sync-webhooks.mjs and datocms-sync-build-triggers.mjs, use import() to load local configuration files at runtime. This is a standard pattern for CLI tools that read project-specific settings.
- [PROMPT_INJECTION]: The skill instructions include behavioral directives such as "Silently examine project" and "Ask zero questions by default". These are standard UX patterns for automated setup tools, intended to reduce friction during the discovery phase; they do not constitute attempts to bypass safety guardrails or conceal unauthorized actions.
Audit Metadata