gitlab-skill

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements dynamic context injection via the ! syntax in SKILL.md, which triggers the execution of scripts/gitlab_context.py at load time. This script gathers pipeline information using configured GitLab tokens.
  • [COMMAND_EXECUTION]: The script scripts/get_gitlab_context.py uses subprocess.run to call the glab CLI tool. It includes a security check using shutil.which to mitigate partial path vulnerabilities when locating the binary.
  • [DATA_EXFILTRATION]: The scripts/validate_glfm.py script attempts to harvest a GITLAB_TOKEN by reading the contents of ~/.bashrc. Reading shell configuration files to extract credentials is a sensitive operation that poses a data exposure risk.
  • [EXTERNAL_DOWNLOADS]: The scripts/sync_gitlab_docs.py utility downloads documentation archives from the official GitLab repository (gitlab.com). This targets a trusted source and uses secure extraction methods with the filter="data" flag in the tarfile module.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 08:41 AM