skaffold-standards

Fail

Audited by Socket on Feb 27, 2026

1 alert found:

Malware (HIGH)
SKILL.md

This skill is primarily documentation and configuration guidance for Skaffold with dotenvx and OrbStack. Functionality and examples align with the stated purpose (using dotenvx to decrypt env values and generate Kubernetes Secret manifests for local development). The main security concerns are operational/supply-chain rather than immediate malicious code: the installer recommendation (curl | sh) is a high-risk download-and-execute pattern; writing plaintext secrets to k8s/app-secrets.yaml and advising storing DOTENV_PRIVATE_KEY in ~/.zshrc are insecure practices that increase secret exposure risk. Skaffold hooks executing shell commands is expected for this use case but means repository-provided configs can execute arbitrary host commands, which is a general risk when running untrusted repos. Overall I classify this as suspicious/vulnerable due to supply-chain and secret-handling practices, not confirmed malware.

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 27, 2026, 07:09 PM
Package URL: pkg:socket/skills-sh/laurigates%2Fclaude-plugins%2Fskaffold-standards%2F@3dd3b94e363c29222bcb2364d9894a8d50103d9e