The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill documentation references 'JosiahSiegel/claude-plugin-marketplace' as a source for plugins, which is an untrusted third-party entity. It also demonstrates 'npx -y' for automatic download and execution of various Model Context Protocol (MCP) servers.
[COMMAND_EXECUTION] (SAFE): The skill includes multiple shell scripts for common developer tasks such as formatting, linting, and testing. These scripts are invoked via hooks and are intended to run on the user's local codebase.
[CREDENTIALS_UNSAFE] (SAFE): Best practices for security are followed by recommending environment variables for sensitive API keys (e.g., STRIPE_API_KEY, GITHUB_TOKEN) rather than hardcoding them within configurations.

advanced-features-2025