devops-pipeline
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches pre-commit hook configurations and GitHub Action workflows from well-known and trusted organizations, including 'pre-commit', 'astral-sh', 'PyCQA', and official 'actions' repositories. These are standard, reputable sources for development tooling.
- [COMMAND_EXECUTION]: The skill performs automated shell operations for development tasks, such as repository synchronization (using git fetch and rebase), framework installation, and executing test suites for pipeline verification.
- [REMOTE_CODE_EXECUTION]: Implements dynamic script generation by creating and then executing an end-to-end test script (e.g., 'scripts/e2e_test.sh'). While this is a core functionality for testing CLI tools, it involves the execution of code generated at runtime.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads data from the local repository (such as README files, package manifests, and source code) to discover CLI commands. This information is then used to generate shell scripts.
  - Ingestion points: Reads files like 'README.md', 'package.json', and source code files (SKILL.md, Workflow section).
  - Boundary markers: No explicit boundary markers or isolation logic is used when interpolating discovered command names into script templates.
  - Capability inventory: The skill has the capability to write to the filesystem and execute arbitrary shell commands via the generated scripts.
  - Sanitization: There is no evidence of sanitization or validation of the strings discovered during project analysis before they are placed into executable scripts.
Audit Metadata