harness-creator

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill implements a robust security model. It includes a comprehensive secret detection utility (secret-detection.sh) that identifies over 40 types of hardcoded credentials. Furthermore, the generated settings.json uses a strict deny list to prevent the execution of destructive commands (e.g., rm -rf /, chmod 777) and the accidental reading of sensitive files like .env or SSH keys.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool primarily for project environment detection, executing security validation hooks, and managing git workflows. These operations are transparently documented and aligned with the skill's primary function as a development scaffolding tool.
  • [EXTERNAL_DOWNLOADS]: The skill is installed from a public GitHub repository using the standard npx skills add workflow. It references official Anthropic engineering documentation and well-known technology domains (e.g., GitHub, Docker, standard web frameworks) for configuration templates, all of which are considered trusted or well-known sources.
  • [SAFE]: The 'Fusion Architecture' (Planner -> Generator -> Evaluator) introduced by the skill promotes a security-first 'Generator-Evaluator separation' principle. This ensures that the code implemented by one agent is objectively reviewed by a separate agent against predefined testable criteria, reducing the risk of autonomous agents introducing or overlooking security vulnerabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 04:04 AM