project-agent-bootstrap

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/bootstrap_project.py script executes local shell commands using subprocess.run to manage Git operations. Specifically, it calls git init, git add, and git commit to initialize the project repository and create a bootstrap checkpoint. These operations are limited to the target project directory and use hardcoded Git subcommands.
  • [EXTERNAL_DOWNLOADS]: The skill configures project-local MCP servers by writing npx commands into configuration files (.mcp.json, .codex/config.toml). These commands reference well-known developer tools, including @playwright/mcp and shadcn. While these will trigger downloads from the npm registry when executed by a downstream agent runtime, they are standard resources for the intended development workflow and target well-known services.
  • [SAFE]: The instruction template bundled with the skill (references/instruction-template.md) contains several security-positive rules. Rule 21 explicitly prohibits agents from directly reading secrets from .env files, requiring them to ask the user for variable names instead. Rule 17 prevents hard deletion of files by mandating a 'Trash' mechanism, which is also implemented in the provided Python script to ensure user data is not lost during the bootstrap process.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 11:07 AM