tool-dev

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes bun install, bun test, and bun run build as part of its core development workflow. While these commands execute code and install dependencies, they are standard for the tool's primary purpose of software development and are executed within the local development context.
  • [EXTERNAL_DOWNLOADS] (SAFE): The bun install command downloads packages from the official NPM registry. This is expected behavior for a Node.js/TypeScript development environment.
  • [DATA_EXPOSURE] (SAFE): The requirement_template.md file contains placeholders for API keys and tokens (e.g., [Keys/Tokens], sk-). There are no hardcoded secrets or sensitive credentials present in the provided files.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process external requirements and design documents which could theoretically contain malicious instructions. However, the risk is inherent to the development workflow, and the skill provides a structured template to guide safe implementation.
  • [SECURITY_POSTURE] (SAFE): The provided Python scripts (package_skill.py and quick_validate.py) perform standard file system operations (zipping and regex validation) without any dangerous side effects or obfuscation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:27 PM