sveltia-cms

Warn

Audited by Socket on Feb 15, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill file is documentation and configuration guidance for deploying Sveltia CMS. It does not contain intentionally malicious code. The primary security concerns are operational and supply-chain in nature: users must deploy and trust their own OAuth proxy (or otherwise avoid using a third‑party hosted proxy), avoid placing sensitive tokens directly in config files, and be cautious when running install/deploy commands from repositories they cloned. The instructions to use PATs with repo scope and to fetch the runtime from a public CDN are normal for this type of tooling but warrant standard precautions (pin package versions, host your own auth proxy, limit token scopes, store secrets in environment/secret stores). Overall I find no evidence of malware in the provided content, but moderate supply-chain and configuration risks exist that depend on how users follow the instructions.

Confidence: 75%
Severity: 35%

Audit Metadata
Analyzed At: Feb 15, 2026, 08:53 PM
Package URL: pkg:socket/skills-sh/ovachiever%2Fdroid-tings%2Fsveltia-cms%2F@bf6c5b4a73f9b3849f7314ff6503111a77e47ef3