create-headless-agent

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a shell tool using Bun.spawn to execute shell commands. This is a core functionality for the scaffolded agent to perform system tasks.
  • [COMMAND_EXECUTION]: Includes a specification for a js_repl tool that maintains a persistent JavaScript/TypeScript REPL process, allowing for dynamic code execution within the agent's context.
  • [EXTERNAL_DOWNLOADS]: The web_fetch tool specification in references/tools.md includes explicit instructions for SSRF (Server-Side Request Forgery) protection, directing the implementation to block access to localhost and private network IP ranges.
  • [SAFE]: Secret management follows industry standards, using environment variables and .env files for API keys rather than hardcoding sensitive information.
  • [SAFE]: The agent's retry logic is designed to prevent the double-execution of mutating tools (such as file writes or shell commands) by disabling retries once any tool call has been initiated.
  • [SAFE]: All identified dependencies, including @openrouter/agent, zod, ajv, and @modelcontextprotocol/sdk, are legitimate and originate from trusted sources or the skill's own organization.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 10:24 AM